The White House on Tuesday unveiled details of legislation designed to address problems of cybersecurity, an issue that has taken on new urgency in light of the severe hacking perpetrated on Sony Pictures Entertainment.
The legislation, which revises a 2011 proposal sidelined in Congress, encourages private sector companies to share cyber-threat information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center, which would then share the information “as close to real time as practicable” with federal agencies as well as so-called information sharing and analysis organizations, known as ISAOs. The incentive for companies is that they would get some “targeted” liability protection for sharing such information.
The legislation also would require private companies to comply with privacy restrictions, such as removing unnecessary personal information and, in order to qualify for liability protection, taking measures to protect data that is shared with government agencies.
In the wake of the hacking, SPE is facing at least eight class action lawsuits from former employees, claiming that the company was negligent in protecting their personal information. SPE has not filed responses, but it has called the hacking attack unprecedented for an American corporation.
The new legislation also would require that the Department of Homeland Security and the Attorney General develop “receipt, retention, use and disclosure guidelines” for the federal government. Other aspects of the proposal would criminalize the overseas sale of financial information like credit card numbers and bank account numbers, and would give courts the authority to shut down “botnets,” used in denial of service attacks.
On Monday, the administration announced a proposal to set federal standards for data breach reporting, setting a timetable requiring companies to notify their employees and customers of a breach. Such a federal law would replace a patchwork of state statutes.
The White House also announced a summit on cybersecurity and consumer protection at Stanford University on Feb. 13, expected to draw senior administration officials, CEOs, law enforcement officials and consumer advocates.
President Obama will visit the National Cybersecurity and Communications Integration Center in Arlington, Va., on Tuesday afternoon.
In a blog post, MPAA chairman Chris Dodd wrote that “law enforcement must be given the resources they need to police these criminal activities. And responsible participants in the Internet ecosystem – content creators, search, payment processors, ad networks, ISPs – need to work more closely together to forge initiatives to stop the unlawful spread of illegally-obtained content.”