President Obama unveiled a series of initiatives in January to better prepare the country to defend against data breaches, theft of intellectual property through cyber means, and cyberattacks that impose costs and consequences for the U.S. economy.
"This is a direct threat to the economic security of American families, and we've got to stop it," Obama said at the FTC. "If we’re going to be connected, we've got to be protected."
His cybersecurity legislative proposals recommend that Congress write legislation to increase information sharing between the private and public sectors. In the last Congress, the President threatened to veto legislation passed by the House (H.R. 624) and reported by the Senate Intelligence Committee (S. 2588), which would have provided liability protection for companies that share cyberthreat data with government or industry partners.
Privacy advocates strongly objected to those measures, arguing they would potentially allow the U.S. government to increase its surveillance of the Internet. The President’s proposal attempts to address those concerns by requiring private entities that share voluntarily under the proposal's authority to comply with certain privacy restrictions, such as removing unnecessary personal information in order to qualify for liability protection.
“Cyberattacks are a growing danger to the United States, our economy, and our national security, said Rep. Devin Nunes (R-CA), Chairman of the House Intelligence Committee in a statement responding to President Obama’s remarks to the FTC. “This Congress needs to strengthen our defenses against these attacks by passing an effective information sharing bill.”
The President also proposed legislation to provide law enforcement with tools to investigate, disrupt, and prosecute cybercrime, including sellers of “botnets,” infected computers used to distribute spam e-mails, disrupt service, or spread viruses. To fund these enforcement tools, the President’s fiscal year 2016 budget proposes $14 billion in cybersecurity funding for critical initiatives and research, including $243 million to support research and development at civilian agencies to support innovative cybersecurity technologies, and $514 million for the Department of Justice to investigate cyber intrusions which pose serious national security threats and to prosecute the offenders.
Finally, the President called on Congress to enact legislation requiring companies to notify customers within 30 days if their personal information has been compromised in a data breach. Previous legislative efforts got bogged down over disagreements within industries over who bears the costs of notification, and between business groups and privacy advocates over the need for state pre-emption.