WASHINGTON President Barack Obama on Tuesday renewed a push to beef up U.S. cybersecurity laws after recent headline-grabbing hacking attacks against companies like Sony Pictures (6758.T), Home Depot (HD.N) and Target (TGT.N).
During a tour of a “war room” at the Department of Homeland Security's cybersecurity nerve center, Obama said the recent attacks have highlighted the threat faced by financial systems, power grids and healthcare systems that run on networks connected to the Internet.
"We've got to stay ahead of those who would do us harm. The problem is that government and the private sector are still not always working as closely together as we should," Obama said.
Congress has tried and failed for years to pass legislation to encourage companies to share data from attacks with the government, and each other, but grappled with liability issues raised by companies and privacy concerns from civil liberties groups.
But Obama proposed legislation, due to be sent to Congress on Tuesday, that seeks a balance. It would offer liability protection to companies that provide information in near-real-time to the government, but require them to strip it of any personal data.
Obama has elevated cybersecurity to the top of his 2015 agenda, seeing it as an area where cooperation is possible with the Republican-led Congress.
He discussed the legislation on Tuesday with House Speaker John Boehner and Senate Majority Leader Mitch McConnell and said they agreed cybersecurity needs to be addressed.
The White House will also build momentum for the legislative move at a cybersecurity summit slated for Feb. 13 in Silicon Valley, at Stanford University.
"Foreign governments, criminals and hackers probe America's computer networks every single day. We saw that again in the attack on Sony," Obama said.
Obama has blamed the Sony hack on North Korea. A top Treasury Department sanctions official told lawmakers at a hearing on Tuesday the agency was looking at more ways to cut the country off from international financial systems.
On Monday, people claiming to be allied with Islamic State militants hacked social media accounts for the U.S. military command that oversees operations in the Middle East.
The attack is still under investigation but did not seem to have affected classified information, Obama said.
U.S. cyber officials and companies have for years urged Congress to codify how they can best exchange information to respond to hacking attacks.
Obama proposed legislation in 2011 that fizzled in Congress. His revised plan seeks to address corporate concerns that companies get immunity against government and private lawsuits based on cyber threat-related data shared with federal authorities.
Privacy advocates applauded the proposal to require companies to strip private information from the data they share, and cautiously welcomed a call for new privacy rules that will determine how federal agencies are allowed to use and store the data.
"It is a thoughtful proposal but ... there are still many gaps that need to be filled,” said Harley Geiger, senior counsel at the Center for Democracy and Technology.
Privacy advocates remain concerned about the access that intelligence agencies may have to the information companies share with the Department of Homeland Security, following last year's disclosures about the scope of U.S. surveillance programs by former contractor Edward Snowden.
Obama also proposed to give law enforcement agencies broader power to investigate and prosecute cybercrime, hoping to deter the sale of spyware and theft of personal data.
His proposal would make selling stolen credit card information overseas a crime and would allow authorities to prosecute the sale of botnets, computer networks linked to cybercrime.
He also wants to require companies to tell consumers within 30 days from the discovery of a data breach that their personal information has been compromised.
(Reporting by Roberta Rampton and Alina Selyukh; Additional reporting by David Brunnstrom; Editing by Nick Macfie, John Whitesides and Tom Brown)