In his 2015 State of the Union address, Pres. Obama declared:
No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families… We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. And tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks [and] combat identity theft… If we don’t act, we’ll leave our nation and our economy vulnerable. If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.
According to The Hill,
Although the president previously called for cybersecurity legislation during his annual address in 2013, Tuesday night’s plea easily surpassed any previous cyber mention in specificity, breadth and urgency…. For lawmakers who have spent years struggling to convince colleagues of the colossal dangers of weak cybersecurity, the president’s remarks were quite welcome, if not a bit late.
The President’s Data Security Agenda
In December, 2014, the President said:
In this interconnected, digital world, there are going to be opportunities for hackers to engage in cyber assaults both in the private sector and the public sector. Now, our first order of business is making sure that we do everything to harden sites and prevent those kinds of attacks from taking place…
We couldn’t agree more. The problem is, the focus of the president’s cyber security effort seems to be on data sharing – not data protection. Sharing data about cyberattacks is, of course, a good thing. However, it takes a lot more than sharing data to actually prevent the attacks.
Highlights of the President’s Legislative Proposal
The latest White House cybersecurity proposal includes the following features:
- Enabling Cybersecurity Information Sharing – promoting more sharing between the public and private sectors, and within the private sector. Encouraging the private sector to share information with the Department of Homeland Security’s National Cybersecurity and Communications Integration Center.
- Modernizing Law Enforcement Authorities to Combat Cyber Crime
- criminalizing the overseas sale of stolen US financial information like credit card and bank account numbers
- expanding federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft
- giving courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity
- making the Racketeering Influenced and Corrupt Organizations Act (RICO) apply to cybercrimes
- National Data Breach Reporting
Will Congress Act on Data Security?
Rep. Elijah Cummings (D-Md.), ranking member of the House Oversight and Government Reform Committee, told The Hill that Congress doesn’t “have the right not to get something done on this.” He added that he “would consider it political malpractice not to do something.”
In a rare show of bi-partisanship, Homeland Security Chairman Ron Johnson (R-Wis.) and Intelligence Chairman Richard Burr (R-N.C.) indicated that they’re ready to work with the President on the cybersecurity issue.
The Republican senators reportedly feel that the White House should focus on information sharing about cyber security threats between the public and private sectors.
There go the horses…
All of this government attention on data security is great, but most of it’s still about closing the barn door after the horse is long gone. We may have a better idea where the horse went and who the horse thieves are, and we may have more ways to punish those thieves – in the unlikely event that we can catch them – but we’re still going to lose a lot of horses.
What’s needed is more emphasis on PREVENTION of data theft in the first place – by requiring better data security as an industry standard.
One encouraging development is the scheduling of a White House Summit on Cybersecurity and Consumer Protection at Stanford University on February 13 “to help shape public and private sector efforts to protect American consumers and companies from growing threats to consumers and commercial networks.”
Topics at the Summit will include improving adoption and use of more secure payment technologies. We hope that discussion will cover dynamic encryption as one highly effective means for preventing data theft.
To learn more about PACid’s data security solutions, and how our “bolt on” security can keep the barn door locked shut, click here.