Last July, President Barack Obama published a Wall Street Journal article detailing his stance on cyber security. The President emphasized that the vast majority of our country, from food delivery to transportation to national defense, is operated through the cyber world. This article calls for legislative action to enhance cyber security. In order for this to happen, companies and the government need to be able to share information regarding cyber attacks so that speedy recovery and future prevention is easier to achieve. However, the President is careful to include the importance of individual privacy, and that any cyber security law needs to include proper protections against inappropriate usage of personal information.
In February 2013, he signed an executive order which seeks to address this topic. The order is not law, but encourages government agencies to share information on cyber attacks with the private sector in order for them to be able to cater their security towards existing and prevalent threats. It also asks the National Institute of Standards and Technology (NIST) to establish a set of cyber security standards to provide guidelines to companies.
The Cyber Intelligence Sharing and Protection Act (CISPA), which was passed by the House of Representatives this past Thursday (April 18, 2013) and is outlined in this article, however, allows information sharing to flow not only from the government to companies but also from the private sector to government agencies. This would allow the government to aid companies in strengthening their cyber security systems, as well as pick up leads on hackers. Privacy advocacy groups and the White House, however, have had problems with the language of the bill. CISPA overrules existing federal and state law, making it okay for companies to share costumer information with the government without legal liability. President Obama has already promised to veto CISPA on the grounds that it does not adequately address privacy concerns. Ideally, legislation will come to the table that enacts the sentiment of Obama’s executive order and CISPA, but with provisions for the blocking of sharing explicitly personal content.