Roosevelt Institute | Cornell University

The White House Tackles Cybersecurity in a post-Sony Pictures World

By Elizabeth ZelkoPublished February 18, 2015

In the wake of several high profile cyber attacks perpetrated over the last two years, including breaches at Target, Sony Pictures, JP Morgan Chase and, most recently, Anthem Blue Cross, the White House has been under fire to update cyber crime laws that are no longer equipped to deal with the broad range and level of sophistication of attacks commonly executed by criminals today.
Over the last six years, the Obama administration has taken significant action to strengthen laws regulating cyberspace. In 2011, President Obama released the Cybersecurity Legislative Proposal, a comprehensive plan calling on Congress to take action on several different issues. The plan would require companies to report national data breaches both to customers affected and to the federal government within a certain period of time after an attack is discovered.  Additionally, it proposed clearer penalties for cyber criminals. Currently, many people charged with cyber crimes are convicted under statutes that must be stretched and re-defined by prosecutors in order to cover crimes committed in cyberspace. The plan also proposed that an information sharing network be formed that would allow private companies to share attack data and information among industry and government. This is particularly important given how quickly cyber attacks evolve since criminals are constantly finding and exploiting new weaknesses. Such a collaboration would allow companies to patch vulnerabilities in their systems and protect themselves better from future attacks. Another area of importance, which has become even more urgent in the last five years, was working to prevent and counter attacks within the federal government. The number of attacks annually on the entire U.S. government has grown from roughly 34,000 in 2010 to 61,000 in 2014, an increase of over 79 percent. The last and perhaps biggest focus of the proposal was tackling the issue of data privacy.

The White House, however, had little luck in drawing bipartisan support for a major cybersecurity bill and, consequently, President Obama issued an Executive Order in February 2013 in order to establish basic cybersecurity standards and regulations. This act included an information sharing initiative, policies geared to promote transparency regarding data collection by private companies, and ordered a review of current cybersecurity regulations. Unfortunately, the increasing number of security breaches in 2013 and 2014 demonstrates that such measures have not been effective in slowing the growth of cyber crime in the United States.

However, this week President Obama announced a second set of cybersecurity proposals for Congress which have been met with somewhat more success. One major part of the proposal regards the growing issue of student data privacy, an initiative which has already gained bipartisan support. Another proposal involves changing laws to make prosecution of cyber crimes less complicated, including updating the Racketeering Influenced and Corrupt Organizations Act to apply to cybercrime and adding to the Computer Fraud and Abuse Act.

Cyberspace is a relatively new frontier that has been poorly regulated and, as a result, has become increasingly difficult to police. Though it may have been unwilling to prioritize cybersecurity law in four years ago, Congress can no longer ignore the importance of both these proposals and the urgency of the situation. The scope of cyber attacks has expanded beyond espionage on behalf of foreign governments and into the private sector, endangering the identities and financial interests of hundreds of millions of American citizens, not to mention big-business and national security.