Obama Unveils Plan to Foster Cyberattack Data Sharing

WASHINGTON — The White House rolled out several more cybersecurity provisions on Tuesday, including a proposal to better coordinate information sharing between the government and the private sector around cyberattacks and emerging threats.

The announcement follows a similar unveiling on Monday, when President Obama outlined new breach notification legislation requiring banks and merchants to tell customers about a cyberattack within 30 days of discovery. The expanded cybersecurity push comes ahead of the State of the Union address next week — when Obama is expected to raise concerns about data security amidst an ongoing wave of breaches, most recently at Sony Pictures.

"At a time when public and private networks are facing an unprecedented threat from rogue hackers as well as organized crime and even state actors, the President is unveiling the next steps in his plan to defend the nation's systems," the White House said in a factsheet on Tuesday.

Lawmakers debated information-sharing policy last year in both chambers, but a leading bill in the Senate Intelligence Committee failed to come up for a vote on the floor. Broadly similar to those efforts, Obama's plan would promote data sharing between government and the private sector, as well as across industries. Information about an attack or possible attack would be routed through the Department of Homeland Security and protected from the threat of lawsuits in certain cases.

Concerns over liability protection for the private sector have been at the heart of the information-sharing debate in Congress, and how that protection would work in the Obama plan is likely to be a focus once legislative details emerge. While businesses want broad protections in order to safely share threat information, privacy experts remain concerned that the sharing could include personal information about consumers.

The proposal would "require private entities to comply with certain privacy restrictions such as removing unnecessary personal information and taking measures to protect any personal information that must be shared in order to qualify for liability protection," according to the factsheet.

The White House also released a plan to beef up prosecution of cybercrimes, allowing law enforcement to go after the sale of botnets used in some attacks and giving courts authority to shut them in down when used for illegal activity. In addition, it would criminalize the sale of stolen financial information overseas and update some provisions of the Racketeering Influenced and Corrupt Organizations Act to include online crimes. Administration officials will hold a cybersecurity summit at Stanford University next month to further discuss cybercrime and efforts to protect consumers.

For reprint and licensing requests for this article, click here.
Law and regulation Data security Compliance Bank technology Cyber security Data breaches
MORE FROM AMERICAN BANKER