Obama Thinks Cyberthreat Sharing is Ready for Comeback

President Barack Obama speaks at the National Cybersecurity and Communications Integration Center in Arlington, Va.

President Barack Obama speaks at the National Cybersecurity and Communications Integration Center in Arlington, Va. Evan Vucci/AP

Featured eBooks
Digital Transformation
Read Now

Federal IT Modernization Still a Major Challenge

Read Now

DHS’ next chapter as an enterprise services provider

Read Now

What's happening in health tech

Read Now
Aliya Sternstein By Aliya Sternstein,
Senior Correspondent

By Aliya Sternstein

|

The Obama administration plans to rewrite a 2011 legislative proposal for collecting information from hacked companies and sharing it across industry -- to alleviate privacy concerns.

The Obama administration plans to revise a 2011 legislative proposal for collecting information from hacked companies and sharing it across industry. The rewrite aims to alleviate privacy concerns. 

The move follows incessant cyberassaults against banks, energy companies and other critical sectors.

The original legislation lost steam after revelations of domestic spying and industry concerns about being held liable for shoddy security. While the forthcoming language focuses on data gathering, federal officials acknowledged they can do better at holding up their end of the bargain -- sharing useful government intelligence with companies.

Obama unveiled the initiative a day after proposing a nationwide statute that would compel companies whose customer information is hacked to notify affected individuals within 30 days.

The president this week is also expected to announce a Feb. 13 White House cybersecurity summit hosted, not at 1600 Pennsylvania Ave., but at Stanford University, with a focus on public-private partnerships. And the administration will make available financial grants for students at historically black colleges who pursue cybersecurity studies.

All these efforts are a reaction to a growing hacker threat the nation's government, private sector and cyber pros are still struggling to reign in.

Under the new information-sharing bill, the shared data would end up at the National Cybersecurity Communications and Integration Center, a 24/7 information-sharing facility managed by the Department of Homeland Security. Obama visited the facility Tuesday afternoon to debut the legislative proposal.

"This is a matter of public safety, of public health and most of this infrastructure is owned and operated by the private sector,” he said. “So neither government nor the private sector can defend the nation alone. It's going to have to be a shared mission."

There is much greater support for information-sharing legislation today than in 2011. But it remains unclear whether Republicans, businesses and civil liberties advocates will agree to the administration’s terms.

Sen. Ron Johnson, R-Wisc., chairman of the Senate Homeland Security and Governmental Affairs Committee, said in a statement, "I look forward to working with the White House and other committees of jurisdiction to make information-sharing a reality.”

His House counterpart, Rep. Michael McCaul, R-Texas, chairman of the Homeland Security Committee, chastised Obama for waiting for "an attack on Hollywood" -- a reference to the breach of Sony computer systems -- to re-engage Congress on cybersecurity, but said he welcomed his participation in the conversation.

"My committee is currently working on cybersecurity legislation to remove any unnecessary legal barriers for the private sector to share cyber threat information," he said.

McCaul plans to review the president's proposal in detail.

On Tuesday, a senior administration official told reporters legislation is necessary to make it easier for threat data from companies to flow back to the government.  

“The president can direct much more information flow out of the government” without new legislation, the official said.

A two-way exchange ideally could swiftly generate, in essence, “a weather map for cyberspace,” so security analysts “have some visibility into what is happening in cyberspace writ broadly,” the official said.

Under a March 2013 executive order issued after Obama’s initial legislation faltered, federal agencies were expected to share tips with the private sector when a danger to a company became apparent. But some firms say they are not receiving practical details.

“A piece of this is making sure that we are pushing out this information that is actually actionable so that companies can actually do something,” the official said.

To deal with privacy and liability issues, the proposal would restrict the types of information that will be amassed and restricts how that information will be used.

The “indicators” of an attack the government accumulates would be limited to electronic routing information, such as dates, time stamps and IP addresses. The data would be analyzed to investigate cybercrimes, hazards to minors and threats to bodily harm.  

The information collected would not be used to penalize companies for privacy breaches, according to the administration.

“As long as companies take reasonable steps to remove irrelevant personally identifiable information from that sharing” and comply with other forthcoming guidelines, companies will not be held liable, the official said.

Obama holds the view that under his watch, the nation is now more prepared for cyberattacks, but adversaries are more determined to foil those preparations.  

"We've got to stay ahead of those who would do us harm,” he said. “The problem is that government and the private sector are still not always working as closely together as we should. Sometimes, it's still too hard for government to share threat information with companies" and vice versa.   

NEXT STORY: No easy answers on managing mobile security

X
This website uses cookies to enhance user experience and to analyze performance and traffic on our website. We also share information about your use of our site with our social media, advertising and analytics partners. Learn More / Do Not Sell My Personal Information
Accept Cookies
X
Cookie Preferences Cookie List

Do Not Sell My Personal Information

When you visit our website, we store cookies on your browser to collect information. The information collected might relate to you, your preferences or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. However, you can choose not to allow certain types of cookies, which may impact your experience of the site and the services we are able to offer. Click on the different category headings to find out more and change our default settings according to your preference. You cannot opt-out of our First Party Strictly Necessary Cookies as they are deployed in order to ensure the proper functioning of our website (such as prompting the cookie banner and remembering your settings, to log into your account, to redirect you when you log out, etc.). For more information about the First and Third Party Cookies used please follow this link.

Allow All Cookies

Manage Consent Preferences

Strictly Necessary Cookies - Always Active

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data, Targeting & Social Media Cookies

Under the California Consumer Privacy Act, you have the right to opt-out of the sale of your personal information to third parties. These cookies collect information for analytics and to personalize your experience with targeted ads. You may exercise your right to opt out of the sale of personal information by using this toggle switch. If you opt out we will not be able to offer you personalised ads and will not hand over your personal information to any third parties. Additionally, you may contact our legal department for further clarification about your rights as a California consumer by using this Exercise My Rights link

If you have enabled privacy controls on your browser (such as a plugin), we have to take that as a valid request to opt-out. Therefore we would not be able to track your activity through the web. This may affect our ability to personalize ads according to your preferences.

Targeting cookies may be set through our site by our advertising partners. They may be used by those companies to build a profile of your interests and show you relevant adverts on other sites. They do not store directly personal information, but are based on uniquely identifying your browser and internet device. If you do not allow these cookies, you will experience less targeted advertising.

Social media cookies are set by a range of social media services that we have added to the site to enable you to share our content with your friends and networks. They are capable of tracking your browser across other sites and building up a profile of your interests. This may impact the content and messages you see on other websites you visit. If you do not allow these cookies you may not be able to use or see these sharing tools.

If you want to opt out of all of our lead reports and lists, please submit a privacy request at our Do Not Sell page.

Save Settings
Cookie Preferences Cookie List

Cookie List

A cookie is a small piece of data (text file) that a website – when visited by a user – asks your browser to store on your device in order to remember information about you, such as your language preference or login information. Those cookies are set by us and called first-party cookies. We also use third-party cookies – which are cookies from a domain different than the domain of the website you are visiting – for our advertising and marketing efforts. More specifically, we use cookies and other tracking technologies for the following purposes:

Strictly Necessary Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Functional Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Performance Cookies

We do not allow you to opt-out of our certain cookies, as they are necessary to ensure the proper functioning of our website (such as prompting our cookie banner and remembering your privacy choices) and/or to monitor site performance. These cookies are not used in a way that constitutes a “sale” of your data under the CCPA. You can set your browser to block or alert you about these cookies, but some parts of the site will not work as intended if you do so. You can usually find these settings in the Options or Preferences menu of your browser. Visit www.allaboutcookies.org to learn more.

Sale of Personal Data

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Social Media Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.

Targeting Cookies

We also use cookies to personalize your experience on our websites, including by determining the most relevant content and advertisements to show you, and to monitor site traffic and performance, so that we may improve our websites and your experience. You may opt out of our use of such cookies (and the associated “sale” of your Personal Information) by using this toggle switch. You will still see some advertising, regardless of your selection. Because we do not track you across different devices, browsers and GEMG properties, your selection will take effect only on this browser, this device and this website.