“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families, especially our kids”. Those were the words that echoed as President Obama lectured to Congress and the American people in his State of the Union address Tuesday urging them to embrace his proposed cyber-security legislation.
Obama further stated, “We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism. So tonight, I urge this Congress to finally pass the legislation we need to better meet the evolving threat of cyber-attacks, combat identity theft, and protect our children’s information”.
President Obama recently presented “The Cyber Intelligence Sharing and Protection Act”, also known as CISPA which allows companies to share cyber threat information with the Department of Homeland Security (DHS). The Bill offers liability protection to these companies as long as they remove personal information from the data and also permits DHS to share the information with other federal agencies in case they need to respond to or be aware of cyber attacks.
Privacy Advocacy groups such as the Electronic Frontier Foundation (EFF) and the American Civil Liberties Union (ACLU) have strong concerns with this legislation citing “nothing the president is proposing would do anything to actually improve cyber security” and calling the President legislation a “mishmash of old, outdated policy solutions,” and argued that the information-sharing proposals risk exposing Americans’ private information.
Cyber security experts are also not big fans of Obama’s proposed legislation stating, “it would do very little to stop data breaches” and there are many more pressing issues such as security patches, faulty software, cyber war and state-sponsored attacks the President did not address.
In fact, Jeremiah Grossman, the iCEO and Founder of White Hat Security Professional Services stated,
“Obama’s recommended cyber-security legislation will do absolutely nothing to stop the hackers we’re concerned about or protect any of the companies who were victimized. And it certainly won’t protect ‘the children.’ What the legislation will do is adversely affect me from helping protect hundreds of companies I’m responsible for every day. My research and technology would effectively become criminalized.”
The President insisted, “If we don’t act, we’ll leave our nation and our economy vulnerable,” and suggested that, “If we do, we can continue to protect the technologies that have unleashed untold opportunities for people around the globe.”
The President has also proposed the reform of another controversial law titled the Computer Fraud and Abuse Act (CFAA). The CFAA is an anti-hacking law that would raise penalties for cybercrimes, but can easily hurt security researchers and Penetration Testers alike.
A long stating necessity in the cyber security field is the demand for qualified information security practitioners to assist with the protection of our critical infrastructure. Many security professionals feel the focus should be on improving the skills of its cyber-security workforce and not imposing harsh and outdated legislation. President Obama mentioned the topic, but no details were provided.
What is your stance on this matter, will the new legislation help us fight the cyber battle or will it hinder and hurt Internet privacy and cyber-security, share you thoughts with us.