White House cybersecurity plan falls short, IU expert says

May 16, 2011

The Obama Administration outlined what it called sweeping cybersecurity legislation Thursday (May 12), but the proposed new law still provides few incentives, and even fewer legal requirements, for the private sector to provide appropriate security for sensitive personal information, according to an Indiana University cybersecurity expert.

Fred H. Cate, director of the Center for Applied Cybersecurity Research and Distinguished Professor at the Maurer School of Law, said Thursday's announcement from the again focuses on new technologies and collaboration, rather than the creation of legal and for private businesses and organizations to better protect their data. In the wake of massive at companies like Epsilon and Sony, it's clear those businesses and organizations aren't doing their part, he said.

"Since taking office, the Obama Administration has recognized that cybersecurity poses a severe threat to the government, industry, and individuals," Cate said. "But the president has consistently refused to provide legal incentives for industry to invest in good ."

The president himself noted nearly two years ago that "the vast majority of our critical information infrastructure in the United States is owned and operated by the private sector." While seeking technologically driven solutions, the Obama Administration has neglected the one tool that most cybersecurity experts agree would have the most impact, Cate said, and that is new law. Requiring businesses to take more responsibility for their data would be a significant step, but one have been reluctant to take.

"The administration's 'hands-off' approach to cybersecurity thus far hasn't worked," Cate said. "Without appropriate incentives, industry won't invest sufficiently in good security. It really is that simple. Remember, despite possessing sensitive personal information on more than 100 million users of its Network, Sony didn't even have a chief information security officer until a hacker infiltrated their network."

The plan released Thursday by the White House includes tools already being widely used. It clarifies for private industry that it can ask for help from the federal government when dealing with cyberattacks and puts into place a federal breach notification law -- two things, Cate said, that are already taking place.

"The outline of the proposed law completely ignores the fact that there is a growing recognition that the hardest issues in cybersecurity are not technical, but rather legal, behavioral, and organizational," Cate said. "The continuing focus on technology misses the point that we know how to build very successful mousetraps; we just so far haven't proved very good at getting people to invest in and use them."

Cate noted the irony in the president's proposal to subject federal cybersecurity efforts to review for their impact on privacy and other civil liberties.

"The law already requires this, and provides the agency -- the Privacy and Civil Liberties Oversight Board -- to conduct the review," Cate said. "But more than two years into his administration, the president has failed to nominate the members of that board."

Though he commended the president for saying cybersecurity is one of his administration's top priorities, Cate said it will take far more than what has been shown in President Obama's first two years.

"Improving cybersecurity is a huge, but vital, task," he said. "It is a process, not an end. It is a fight we may never win, but we don't stand a chance if we don't bring our laws up to date."

Explore further: Facebook tuning mobile search at social network

add to favorites email to friend print save as pdf

Related Stories

Is danger of identity theft overblown?

May 23, 2006

The announcement yesterday about the loss of personal electronic data on up to 26.5 million veterans is the latest in a string of similar reports about information security breaches at major institutions in the last two year ...

White House set to unveil cyber plan

May 12, 2011

The White House on Thursday is expected to unveil its proposal to enhance the nation's cybersecurity, laying out plans to require industry to better protect systems that run critical infrastructure like the electrical grid, ...

White House unveils cybersecurity plan

May 12, 2011

Companies that run critical U.S. industries such as power plants would get government incentives to make sure their systems are secure from computer-based attacks, the White House said Thursday, detailing its broad proposal to beef up the country's cybersecurity. ...

Recommended for you

Startups offer banking for smartphone users

5 hours ago

The latest banks are small enough to fit in the palm of your hand. Startups, such as Moven and Simple, offer banking that's designed specifically for smartphones, enabling users to track their spending on the go. Some things ...

Ecuador heralds digital currency plans (Update)

Aug 29, 2014

Ecuador is planning to create what it calls the world's first digital currency issued by a central bank, which some analysts believe could be a first step toward abandoning the country's existing currency, ...

'SwaziLeaks' looks to shake up jet-setting monarchy

Aug 29, 2014

As WikiLeaks founder Julian Assange prepares to end a two-year forced stay at Ecuador's London embassy, he may take comfort in knowing he inspired resistance to secrecy in places as far away as Swaziland.

WEF unveils 'crowdsourcing' push on how to run the Web

Aug 28, 2014

The World Economic Forum unveiled a project on Thursday aimed at connecting governments, businesses, academia, technicians and civil society worldwide to brainstorm the best ways to govern the Internet.

User comments : 0