Under a new White House proposal, private companies will be partially protected from legal action when they share information with the federal government about cybercrime, officials said Tuesday.
President Barack Obama planned to unveil the legislative plan during an event at the federal government’s cyber security agency outside Washington. The event is part of a week-long administration focus on combatting cybercrime.
That push was preceded by Monday’s hacking of the Twitter account belonging to U.S. Central Command, the military body responsible for waging Obama’s mission against Islamic State terrorists in Syria and Iraq. Hackers posted pro-ISIS messages and some non-classified military documents, and officials described the social media breach as vandalism rather than an attack.
But the incident underscored the government’s struggle to get ahead of a burgeoning threat against American computers and networks. The push also comes weeks after perhaps the highest-profile hacking in American corporate history at Sony Pictures, which the U.S. government says was the work of North Korea.
“With the Sony attacks that took place, with the Twitter account that was hacked by Islamist jihadist sympathizers yesterday, it just goes to show how much more work we need to do, both public and private sector, to strengthen our cybersecurity to make sure that families’ bank accounts are safe, to make sure that our public infrastructure is safe,” Obama said at a meeting with congressional leaders Tuesday.
Experts say government systems are vulnerable to cyberattacks: aside from the CENTCOM hack, the White House says its computer systems were compromised at the end of last year. And a December report from the Government Accountability Office says the Department of Homeland Security hasn’t prepared for potential hacks of their facilities’ infrastructures, including heating and air conditioning systems.
The measure Obama is set to propose Tuesday would provide private companies with some liability protection when they share information about cybercrime with federal law enforcement agencies. The plan would mandate companies strip their crime reports of any private information about individuals. And it would criminalize the sale of banking information stolen via cybertheft.
“Today, at a time when public and private networks are facing an unprecedented threat from rogue hackers as well as organized crime and even state actors, the President is unveiling the next steps in his plan to defend the nation’s systems,” the White House said in announcing the new plan. Officials also said Obama would attend an administration-sponsored summit on cybersecurity at Stanford University in February.
On Monday Obama proposed a separate measure that would force American companies to provide more information to consumers when their personal information is stolen by hackers. That comes after several high-profile hacks, including at Home Depot and Target.
White House officials believe cyber security is a potential area of compromise with Republicans who now control both chambers of Congress. House Speaker John Boehner’s office said the issue arose during a meeting between Obama and lawmakers at the White House Tuesday, noting that some GOP-backed measures bolstering security were blocked by Democrats.
“The Speaker said Republicans are ready to work with both parties to address this important issue and put some common-sense measures on the president’s desk,” Boehner’s office said in a description of the meeting.
In his remarks, Obama said he and Republican leaders “agree that this is an area where we can work hard together and get some legislation done, and make sure that we are much more effective in protecting the American people from these kinds of cyber attacks.”
Retailers say they’re open to working more closely with the government on countering cybercrime.
“Collaboration between industry and government to share threat information is crucial in the fight against sophisticated and persistent cyber criminals,” said Nicholas Ahrens, who heads cybersecurity efforts at the Retail Industry Leaders Association. He said his group’s members were ready to coordinate with federal agencies to “protect customers from cyber criminals.”