WASHINGTON (Reuters) - President Barack Obama sent a bill to Congress on Tuesday to strengthen U.S. cybersecurity laws to protect government, businesses and consumers while protecting privacy, after recent hacking attacks against Sony Pictures (6758.T), Home Depot Inc (HD.N) and Target Corp (TGT.N), and on Monday the federal government itself.
“We’ve got to stay ahead of those who would do us harm. The problem is that government and the private sector are still not always working as closely together as we should,” Obama said.
During a tour of a “war room” at the Department of Homeland Security’s cybersecurity nerve center, Obama said the attacks highlighted the threat to financial systems, power grids and healthcare systems that run on networks connected to the Internet.
Congress has tried for years to pass legislation to encourage companies to share data from cyberattacks with the government and each other. Liability issues raised by companies and privacy concerns of civil liberties groups contributed to the failure to implement such laws.
Obama’s proposed legislation looks to balance needs with concerns by offering liability protection to companies that provide information in near-real-time to the government, while requiring them to strip it of any personal data.
On Monday, the Twitter and YouTube accounts of the U.S. military command that oversees operations in the Middle East were hacked by people claiming to be sympathetic toward the Islamic State militant group being targeted in American bombing raids.
Obama said the attack, which is being investigated by the Federal Bureau of Investigation, did not seem to affect classified information.
Obama has moved cybersecurity to the top of his 2015 agenda, seeing it as an area where cooperation is possible with the Republican-led Congress.
He discussed the legislation on Tuesday with House Speaker John Boehner and Senate Majority Leader Mitch McConnell and said they agreed cybersecurity needed to be addressed. Reaction from other congressional leaders was also positive.
The leading Republicans and Democrats on the Senate and House Homeland Security committees said in a joint statement that Obama’s proposal would be useful.
The White House will also try to build support for the legislation at a cybersecurity summit scheduled for Feb. 13 at Stanford University. Obama proposed legislation in 2011 that died in Congress.
“Foreign governments, criminals and hackers probe America’s computer networks every single day. We saw that again in the attack on Sony,” Obama said. The United States has blamed that hacking on North Korea
Privacy advocates applauded the proposal to require companies to strip private information from data they share, and cautiously welcomed a call for new privacy rules that would determine how federal agencies are allowed to use and store such data.
“It is a thoughtful proposal but ... there are still many gaps that need to be filled,” said Harley Geiger, senior counsel at the Center for Democracy and Technology. Privacy advocates remained concerned about the access intelligence agencies may have to the information companies share with the Department of Homeland Security.
Obama’s proposal would give law enforcement agencies broader power to investigate and prosecute cybercrime, with an eye on deterring the theft of personal data. And it would make selling stolen credit card information overseas a crime and would allow authorities to prosecute the sale of botnets, computer networks linked to cybercrime.
He also wants to require companies to tell consumers within 30 days from the discovery of a data breach that their personal information has been compromised.
Reporting by Roberta Rampton and Alina Selyukh; Additional reporting by David Brunnstrom; Editing by Tom Brown, Toni Reinhold