The Obama administration proposed the adoption of a federal data breach notification policy on Wednesday. This policy would supersede the laws that are now in effect in most states. It is only part of a comprehensive cybersecurity legislative agenda. The policy would require the reporting of security breaches to the Federal Trade Commission, and the individuals affected, within 60 days unless there is no reasonable risk of harm or fraud. There are some exceptions that you can read about in the links above if interested. Trying to not get too technical or political, I think this is a great move by the Obama administration and a step in the right direction. First of all, they are acknowledging the fact that the number of cyber attacks has skyrocketed in the last decade and these attacks are only getting bigger and more sophisticated. Secondly, this would be a win for consumers as well. When companies suffer these security breaches they sometimes try to cover it up and deal with it internally. That is flat out wrong and deceitful. Consumers have a right to know when their private information has been compromised. These large organizations need to be upfront and honest to their customers. If they cannot at least do that, how are we supposed to trust them?
Looking at the bigger picture though, this cybersecurity legislative agenda targets hackers and terrorists in an effort to prevent them from tapping into the nation’s critical infrastructure. This includes things like the water facilities, electric grids, chemical plants, and the financial sector. In order for this plan to work, it is going to require the government and the private sector to become a more cohesive unit. Those two will have to be able to work together. In addition, the Department of Homeland Security will assume a lead role in preventing cyberattacks. The White House plans to put more tools at their disposal and allow the DHS to hire cybersecurity experts. They are allowed to reach out to the private sector for help in this matter too. Obviously this is just a proposal that still needs to be carried out but it is good to see some initiative and direction. Everything seems to be run through computers today. Everybody has their private information in someone’s database. I think cyberattacks are quite possibly the next wave of terrorism as the attacks become more complex and wide ranging. We’ll have to wait and see what effect the President’s plan will have and, perhaps more importantly, how strictly some of these guidelines will be enforced.