White House cybersecurity plan falls short, IU expert says

May 16, 2011

The Obama Administration outlined what it called sweeping cybersecurity legislation Thursday (May 12), but the proposed new law still provides few incentives, and even fewer legal requirements, for the private sector to provide appropriate security for sensitive personal information, according to an Indiana University cybersecurity expert.

Fred H. Cate, director of the Center for Applied Cybersecurity Research and Distinguished Professor at the Maurer School of Law, said Thursday's announcement from the again focuses on new technologies and collaboration, rather than the creation of legal and for private businesses and organizations to better protect their data. In the wake of massive at companies like Epsilon and Sony, it's clear those businesses and organizations aren't doing their part, he said.

"Since taking office, the Obama Administration has recognized that cybersecurity poses a severe threat to the government, industry, and individuals," Cate said. "But the president has consistently refused to provide legal incentives for industry to invest in good ."

The president himself noted nearly two years ago that "the vast majority of our critical information infrastructure in the United States is owned and operated by the private sector." While seeking technologically driven solutions, the Obama Administration has neglected the one tool that most cybersecurity experts agree would have the most impact, Cate said, and that is new law. Requiring businesses to take more responsibility for their data would be a significant step, but one have been reluctant to take.

"The administration's 'hands-off' approach to cybersecurity thus far hasn't worked," Cate said. "Without appropriate incentives, industry won't invest sufficiently in good security. It really is that simple. Remember, despite possessing sensitive personal information on more than 100 million users of its Network, Sony didn't even have a chief information security officer until a hacker infiltrated their network."

The plan released Thursday by the White House includes tools already being widely used. It clarifies for private industry that it can ask for help from the federal government when dealing with cyberattacks and puts into place a federal breach notification law -- two things, Cate said, that are already taking place.

"The outline of the proposed law completely ignores the fact that there is a growing recognition that the hardest issues in cybersecurity are not technical, but rather legal, behavioral, and organizational," Cate said. "The continuing focus on technology misses the point that we know how to build very successful mousetraps; we just so far haven't proved very good at getting people to invest in and use them."

Cate noted the irony in the president's proposal to subject federal cybersecurity efforts to review for their impact on privacy and other civil liberties.

"The law already requires this, and provides the agency -- the Privacy and Civil Liberties Oversight Board -- to conduct the review," Cate said. "But more than two years into his administration, the president has failed to nominate the members of that board."

Though he commended the president for saying cybersecurity is one of his administration's top priorities, Cate said it will take far more than what has been shown in President Obama's first two years.

"Improving cybersecurity is a huge, but vital, task," he said. "It is a process, not an end. It is a fight we may never win, but we don't stand a chance if we don't bring our laws up to date."

Explore further: UN moves to strengthen digital privacy (Update)

add to favorites email to friend print save as pdf

Related Stories

Is danger of identity theft overblown?

May 23, 2006

The announcement yesterday about the loss of personal electronic data on up to 26.5 million veterans is the latest in a string of similar reports about information security breaches at major institutions in the last two year ...

White House set to unveil cyber plan

May 12, 2011

The White House on Thursday is expected to unveil its proposal to enhance the nation's cybersecurity, laying out plans to require industry to better protect systems that run critical infrastructure like the electrical grid, ...

White House unveils cybersecurity plan

May 12, 2011

Companies that run critical U.S. industries such as power plants would get government incentives to make sure their systems are secure from computer-based attacks, the White House said Thursday, detailing its broad proposal to beef up the country's cybersecurity. ...

Recommended for you

UN moves to strengthen digital privacy (Update)

4 hours ago

The United Nations on Tuesday adopted a resolution on protecting digital privacy that for the first time urged governments to offer redress to citizens targeted by mass surveillance.

Spotify turns up volume as losses fall

4 hours ago

The world's biggest music streaming service, Spotify, announced Tuesday its revenue grew by 74 percent in 2013 while net losses shrank by one third, in a year of spectacular expansion.

Virtual money and user's identity

10 hours ago

Bitcoin is the new money: minted and exchanged on the Internet. Faster and cheaper than a bank, the service is attracting attention from all over the world. But a big question remains: are the transactions ...

User comments : 0

Please sign in to add a comment. Registration is free, and takes less than a minute. Read more

Click here to reset your password.
Sign in to get notified via email when new comments are made.