General news outlets are atwitter over word from the White House that President Obama will address cybersecurity issues during his annual State of the Union speech to Congress on January 20. Obama will reportedly lay out his plans to deal with cyberthreats this week at the National Cybersecurity and Communications Integration Center. The idea, according to White House officials, is "to improve the government’s ability to collaborate with industry to combat cyber threats."
The beginnings of this effort, according to the New York Times, are the Personal Data Notification and Protection Act, which would require companies to tell customers of data breaches within 30 days, and the Student Data Privacy Act, designed to stop companies from using student data collected in schools.
A Hollywood connection?
That’s great, I guess, but why is it coming now? Is it all about the fallout from the recent Sony hack, which the FBI blames on North Korea? Or could it be the impending release of Michael Mann’s new movie, Blackhat?
You can never discount the Hollywood connection when it comes to politics, but seriously, the advent of state-sponsored attacks on private companies for ideological or political reasons, instead of purely economic purposes, is a really big deal. As I wrote after the Sony attack last month, there’s simply no way that even the largest companies can stand up to attackers backed by sovereign nations.
Of course, neither of the two proposed bills would help protect companies from hacking. In fact, I’m not so sure that many companies can resist attacks on that scale even if they receive government help, which appears to be what President Obama will propose. There are simply too many vulnerabilities, too many vectors, and too many villains.
Will government help make us safer?
Just as important, any government help won’t come free. Companies may have to pay for any services they get, they may have to accept government cybersecurity safety plans that may not fit in with their own efforts, and—most worryingly—they may have to share proprietary information that they would have preferred to keep confidential.
Some of that will become clear this week as the President continues his series of SOTU Spoilers and Vice President Joseph R. Biden Jr. goes to Norfolk, Virginia, to announce funding for cybersecurity training programs.
But as author and security expert Peter W. Singer explained in a sobering presentation at the South by Southwest conference last March, there are deep structural issues behind cybersecurity, and most of our leaders have no idea what’s really going on, leading to a distortion of threats and misapplication of resources. It’s not at all clear that more government intervention in the issue will actually make us any safer.
As the New York Times helpfully pointed out over the weekend, "the White House also did not make clear whether the president intended to confront some of the toughest questions raised by the recent hacking: When should the federal government step in to fight hackers? And is America's own use of cyberweapons a complicating factor?"