President Obama is proposing that the government and private sector work together to address cybersecurity. “It’s going to have to be a shared mission — government and industry working hand in hand,” said Obama.
The New York Times reports that Obama is calling for new legislation that would "encourage companies to share threat information — such as Internet Protocol addresses, date and time stamps, and routing information — with the Department of Homeland Security (DHS), which would swiftly pass it on to other government agencies and industry groups voluntarily formed to share such material."
According to a White House statement, as long as companies took steps to protect consumers' personal information, the companies that participate would get "targeted liability protection" for doing so.
The information-sharing proposal is meant to encourage private sector entities to share cyber threat data with the DHS 24-hour cyber watch center – the National Cybersecurity and Communications Integration Center (NCCIC). NCCIC, pronounced "en-kick", is the cybersecurity operations center in Arlington, VA, that Obama signed into law last month.
According to Politico, "Under the administration's proposal, NCCIC would share data it receives in close to real-time with other federal agencies, and with new private sector organization information sharing organizations."
President Obama also called for law enforcement tools to combat cybercrime, such as criminalizing the overseas sale of stolen U.S. financial information. The new legislation would also allow for the prosecution of the sale or rent of botnets and would expand federal law enforcement authority to deter the sale of spyware.
These announcements follow the administration's new proposed National Data Breach Reporting legislation. According to the White House, the updated proposal helps businesses and consumers by “simplifying and standardizing the existing patchwork of 46 state laws (plus the District of Columbia and several territories) that contain these requirements into one federal statute, and puts in place a single clear and timely notice requirement to ensure that companies notify their employees and customers about security breaches.”
President Obama has tried for three years to persuade Congress to pass a cybersecurity bill. However, according to Politico, the administration feels that public fears about hackers and cybercrime, in the wake of the highly publicized cyber attacks on Sony, JP Morgan,Target and others, can build momentum for cybersecurity reforms that have previously stalled out in Congress.