Skip to footer
Passcode
Modern field guide to security and privacy

Sony hack gives Obama political capital to push cybersecurity agenda

In gridlocked Washington, the aftereffects of the cyberattack on Sony Pictures may ultimately forces Republicans and Democrats to come together on an information-sharing bill.

|
J. Scott Applewhite/AP
Sen. John McCain, the Arizona Republican who heads the Senate Armed Services Committee, says "everyone's on board" with the idea of cybersecurity information sharing.

Edward Snowden may have doomed the prospects for cybersecurity legislation last Congress – but North Korea may revive them in this one.

After the leaks from the former National Security Agency contractor, privacy advocates staunchly opposed cybersecurity bills that share information with the government, amid fears they would increase the spy agency’s power to access and share even more private information from citizens. The information-sharing bills stalled.

Yet President Obama’s new push this week has so far been warmly received on Capitol Hill – and on both sides of the aisle.

Obama’s proposals, one week before his State of the Union address, come after the destructive hack of Sony Pictures Entertainment, for which the government has publicly blamed and sanctioned North Korea. It’s also on the heels of a maelstrom of other high-profile data breaches last – including on Home Depot and JP Morgan Chase & Co. – and this week’s brief takeover of the US military’s Central Command social media accounts by apparent Islamic State supporters.

All told, it may be enough momentum to break the logjam and give members of Congress political cover to come together this session to support a controversial part of Obama’s cybersecurity agenda: To give companies immunity from lawsuits if they share certain information about cyber threats with the government with the Department of Homeland Security.

An information-sharing bill “has to pass this Congress,” Senate Intelligence Committee Chairman Richard Burr, a North Carolina Republican, told Passcode. “It helps any time the president supports something.”

Moving a cybersecurity information-sharing bill “has never been easy,” he acknowledged, “but we’re committed to go extremely quickly.”

The Sony hack was a wake-up call on Capitol Hill, several lawmakers said. The attackers not only stole private information, they destroyed company data and computer hardware, and they also coerced Sony into altering its plans to release "The Interview," the comedy about the assassination of the North Korean leaders. All of this may go a long way to persuade lawmakers that mandating information sharing about cybersecurity threats will ultimately help defend private companies.

“I’m glad [Obama] is pushing to address cyber legislation,” said Republican Sen. Kelly Ayotte of New Hampshire. “We’ve stalled in the past, and if you look at what happened with the Sony attack, I think we can’t afford to stall anymore. I think his timing is right on here… . I haven’t talked to anyone in Congress who has said, ‘This shouldn’t be a priority for us.’”

Sen. Angus King, an independent on the Intelligence Committee, agreed. “I think everybody realizes the urgency.”

Maryland Democratic Rep. Dutch Ruppersberger, who already reintroduced his version of information-sharing legislation this session, said in a statement that, “President Obama and I agree we can no longer afford to play political games while rogue hackers, terrorists, organized criminals and even state actors sharpen their cyber skills.”

However, just because “everybody’s on board with the idea of it” – as Republican Sen. John McCain puts it – doesn’t mean it will be easy to make progress on this controversial and complicated issue. “I have been to more meetings on cyber than any other issue in my time in the Senate, and gotten the least amount of result,” said Senator McCain, who chairs the Armed Services Committee.

There are already divisions emerging this time around. McCain opposes the White House’s proposal to route cyberthreat information through the Department of Homeland Security. He said the National Security Agency should take that role. “I’m glad to see a proposal of theirs, for a change, and we’ll be glad to work on it – just not rubber stamp it,” said McCain.

On the other side of the spectrum, some privacy advocates are unhappy that Obama’s proposal – which essentially rehashes bills maligned by privacy groups since 2011 – would enable DHS to share the data it receives on threats with other relevant federal agencies.

“We’re going to be pushing to kill the bill, probably,” said Mark Jaycox, a legislative analyst for the Electronic Frontier Foundation, in part because it still does not appear to offer a mandatory requirement companies remove personal information before sharing it, and because the data will ultimately end up in the hands of the NSA.

“While its always good for the White House to talk about consumer privacy and user privacy, the most important privacy item is NSA reform,” Mr. Jaycox said.

That said, members appear to have an eye on compromise.

One of the most divisive issues has been which agency will collect the threat information – and Senate Homeland Security and Governmental Affairs Chairman Ron Johnson says he is inclined to support using DHS as the main repository.

“Because of the sensitivity of the Edward Snowden public perception, and the concern about civil liberties, the civilian agency of government might be the best place to have as a center point,” Senator Johnson, a Wisconsin Republican, told Passcode.

Burr, the Intel chair, also hinted at the possibility of compromise. “I think we’ll do this in a way that can assure passage – because the nation needs it.”

Johnson says the urgency for cybersecurity legislation after the Sony hack might sway some of his Republican colleagues to move away from focusing on the NSA – as well as people on the left, too. 

“It’s not just the federal government that can threaten our civil liberties," said Johnson. If attacks such as the Sony hack continue, he said, "take a look at how much at risk our freedoms will be at that point.”

Sony may help overcome the post-Snowden “fear factor” about sharing information with the government, said Rep. Jim Langevin, co-chair of the Congressional Cybersecurity Caucus, which has grown by 11 members just this session.

Cybersecurity legislation stalled because Snowden “created this belief that there was this massive government overreach on the capabilities of the information that was being collected at NSA,” said Representative Langevin, a Rhode Island Democrat, in an interview last week. “It didn’t have really anything to do with what we’re talking about in terms of sharing classified threat signatures.”

But now, he said, “People are becoming attuned to the fact that a country or a hacker could really go after one of the nation’s major corporations as they did against Sony, and cost them potentially hundreds of millions of dollars in damage.” And that, said Langevin, "was an eye opener.”

 

You've read  of  free articles. Subscribe to continue.
Real news can be honest, hopeful, credible, constructive.
What is the Monitor difference? Tackling the tough headlines – with humanity. Listening to sources – with respect. Seeing the story that others are missing by reporting what so often gets overlooked: the values that connect us. That’s Monitor reporting – news that changes how you see the world.
editor@csmonitor.com
Subscribe
Mark Sappenfield
Editor

Dear Reader,

About a year ago, I happened upon this statement about the Monitor in the Harvard Business Review – under the charming heading of “do things that don’t interest you”:

“Many things that end up” being meaningful, writes social scientist Joseph Grenny, “have come from conference workshops, articles, or online videos that began as a chore and ended with an insight. My work in Kenya, for example, was heavily influenced by a Christian Science Monitor article I had forced myself to read 10 years earlier. Sometimes, we call things ‘boring’ simply because they lie outside the box we are currently in.”

If you were to come up with a punchline to a joke about the Monitor, that would probably be it. We’re seen as being global, fair, insightful, and perhaps a bit too earnest. We’re the bran muffin of journalism.

But you know what? We change lives. And I’m going to argue that we change lives precisely because we force open that too-small box that most human beings think they live in.

The Monitor is a peculiar little publication that’s hard for the world to figure out. We’re run by a church, but we’re not only for church members and we’re not about converting people. We’re known as being fair even as the world becomes as polarized as at any time since the newspaper’s founding in 1908.

We have a mission beyond circulation, we want to bridge divides. We’re about kicking down the door of thought everywhere and saying, “You are bigger and more capable than you realize. And we can prove it.”

If you’re looking for bran muffin journalism, you can subscribe to the Monitor for $15. You’ll get the Monitor Weekly magazine, the Monitor Daily email, and unlimited access to CSMonitor.com.

Subscribe to insightful journalism

QR Code to Sony hack gives Obama political capital to push cybersecurity agenda
Read this article in
https://www.csmonitor.com/World/Passcode/2015/0114/Sony-hack-gives-Obama-political-capital-to-push-cybersecurity-agenda
QR Code to Subscription page
Start your subscription today
https://www.csmonitor.com/subscribe