President Obama’s renewed push this week to protect U.S. computer networks from hacking was welcomed by industry leaders, though it lacks the financial incentives companies have been seeking.
Following corporate data breaches of companies including Sony Corp. and Target Corp., Obama outlined a cybersecurity and identity theft program he plans to highlight in his State of the Union address. Obama gave the details in a speech at the Federal Trade Commission.
“The notion that cybersecurity is going to be a prominent feature in the president’s State of the Union address is a big deal,” Larry Clinton, president of the Internet Security Alliance, which represents technology and manufacturing companies, said in a telephone interview. “We think a lot more needs to be done.”
Most of what Obama proposed isn’t new. He renewed calls for Congress to pass stalled proposals, such as a federal data-breach notification law and legislation giving companies legal protections for sharing information about hacking threats with each other and the government.
“Major companies get hacked; people’s personal financial information gets stolen,” Obama said Monday. “The problem is growing.”
As if to underscore the issue, the U.S. Central Command’s Twitter account was compromised with messages purporting to be from the Islamic State in Iraq and the Levant while Obama was speaking. The Twitter feed was quickly suspended, and the command’s public website wasn’t affected.
While praising Obama’s effort, Clinton said the administration could do more by providing incentives for companies that adopt the best cybersecurity practices. Incentives could include lessening regulations or giving companies preferences when it comes to winning government contracts, he said.
“The administration has been reviewing these for quite a while now and we are hopeful they will be coming out with a proposal of their own in that direction fairly shortly,” Clinton said.
Senate Commerce Committee Chairman John Thune, a South Dakota Republican who is scheduled to meet with Obama Tuesday, said he’s prepared to work with the president on cybersecurity and identity theft measures.
“I look forward to our meeting at the White House tomorrow and hope that the president’s actions on this critical subject match his rhetoric about working with Congress,” Thune said via e-mail.
In February, the Obama administration announced standards that companies can voluntarily follow to defend their networks from hackers. Industry groups have said the standards are good but fall short without incentives. The administration and companies have since been working on developing them.
Obama proposed legislation Monday that would require companies that have consumer data hacked to notify customers who are at risk. It would also criminalize the overseas trade in fraudulent identities. Companies would have 30 days from learning of a breach to tell customers.