In his State of the Union address Tuesday night, President Barack Obama is expected to focus on several new cybersecurity and privacy proposals recently announced by the White House. The measures call for greater information sharing between the federal government and private companies, and new security initiatives to prevent high-profile hacks.
At a White House meeting recently with congressional leaders, Obama said both parties could agree to strengthen cybersecurity. The recent attack at Sony Pictures and a hack of a Pentagon Twitter feed by supporters of the Islamic State group, he said, underscore the need to act.
"It just goes to show how much more work we need to do both public and private sector, to strengthen our cybersecurity, to make sure family’s bank accounts are safe, to make sure that our public infrastructure’s safe," Obama said.
While U.S. government computer systems are generally well-protected, the same cannot be said of many private and corporate networks, said Daily Beast senior correspondent Shane Harris. This puts at risk all kinds of data, from banking and credit records to email communications to control of the nation’s electric grid.
"We don’t regulate Internet security the way we do, say, chemical plants and food production facilities. We just don’t do that – we might, but we’re not doing that now," said Harris.
In all, the White House has introduced three separate measures to combat cybercrime and strengthen privacy.
The first, the Personal Data Protection and Notification Act, would require companies that handle data to alert customers if any of their private information had been compromised or stolen by hackers within 30 days.
The measure has won strong backing by many retailers and other data companies.
Denise Zheng, senior fellow at the Center for Strategic and International Studies, said that’s because companies are already dealing with a costly and cumbersome patchwork of similar laws in different states.
"There are currently 47 different states that have data breach notification laws already on the books," Zheng said. "What this bill would do is actually create some more regulatory certainty and a standard across the country."
Another proposal would encourage private corporations to voluntarily share certain types of information with each other and with the federal Department of Homeland Security.
"Where the administration’s proposal leaves gaps is in privacy policies," said Harley Geiger, senior council at the Center for Democracy and Technology. "It actually relies rather heavily on privacy procedures that have not yet been written. The law would require them to be written, but since they have not been created, it is impossible to gauge whether or not they would actually be effective."
So far, congressional leaders have been mostly silent about whether they would support or oppose the president’s initiatives. An earlier proposal to protect consumers from fraud and government intrusion failed in Congress last year.
Cyber journalist Harris said Obama’s reference to protecting family bank accounts may, in fact, be the proposal’s best selling point.
"We talk a lot about credit card information being stolen and it’s very easy to get your credit card replaced, but what happens if somebody hacks your checking account and you wake up one morning and your balance is zero? If something like that were to start to happen – and that’s something that’s happened to corporations in this country – then you’re going to see a level of public concern and alarm over this that could be very destabilizing," said Harris.
Still, it’s unclear how much pressure U.S. lawmakers will feel from the public to pass these measures.