President Obama is expected to continue his cybersecurity push during his State of the Union address, following a week in which the White House rolled out the next phase of its cyber policy.
The cyber content in Obama’s speech shouldn’t be a surprise. The administration was transparent that it was previewing portions of the president’s upcoming speech when it dropped several new cyber proposals last week.
{mosads}In events scattered from Monday to Thursday, Obama revealed legislative offerings intended to enable greater cyber threat information sharing between the public and private sector; to protect student data; and to create a federal data breach notification standard and establish nationwide cyber defense standards.
Vice President Biden on Thursday also unveiled an educational grant to bolster cyber education at historically black colleges and universities.
The administration repeatedly cited the recent cyberattack on Sony Pictures in its explanation for why Congress must move quickly on its offerings. The digital assault crippled Sony’s network, exposed troves of sensitive documents and emails, and almost caused the studio to cancel the release of a multimillion-dollar film.
It also brought public awareness of cybersecurity to an all-time high.
“The president’s focus on privacy and cybersecurity reflects the mood of the American public, who think it’s high time for our leaders to step up to the plate to protect Americans from potentially devastating cyber attacks,” Lisa Sotto, chairwoman of the global privacy team at law firm Hunton & Williams, said in an email.
Many see cybersecurity as one of the few bipartisan issues on the Hill, even though lawmakers have not passed a major cyber bill since 2002. The lame-duck Congress was able to push through a number of small-bore cyber bills that clarified the cyber roles of various agencies and bolstered the government’s cyber workforce.
Whether this legislative momentum spills over into this Congress remains to be seen. Lawmakers across the aisle did at least seem open to Obama’s ideas last week.
Support from industry groups and privacy advocates are another thorny issue.
“The White House proposals may not get wholehearted support from either the industry or the privacy advocates that focus on this issue, but they do contribute to what likely will be a meaningful debate over these issues in the coming months,” Paul Tiao, formerly a senior cybersecurity adviser to then-FBI Director Robert Mueller, said in an email.
Industry groups have long pleaded for liability protections when sharing cyber threat information with the government — which Obama’s proposal would grant — but have occasionally blanched at burdensome breach reporting requirements similar to those Obama wants.
Privacy advocates have long held that Congress must reform the National Security Administration before enhancing cyber information sharing between the public and private sector. They’re worried such an info exchange could create another venue for the NSA to collect Americans’ personal information.
An NSA reform measure died late last year, and the current Congress has yet to seriously consider it again.
In his State of the Union address, Obama will make his pitch for why cyber needs to take precedence.
“Cyberthreats pose an enormous challenge to our country; it’s one of the most serious economic and security challenges we face as a nation,” the president said on Jan. 13, while explaining his legislative proposals.
Expect more of the same messaging Tuesday night.