White House nudges Congress to revisit controversial 'CISPA-style' laws after Sony attack

President Obama's remarks about wanting Congress to work on "stronger cybersecurity laws" are reminiscent of one controversial bill that angered privacy groups.
Written by Zack Whittaker, Contributor
U.S. President Barack Obama at the end-of-year presser
(Image: White House/C-SPAN live stream)

President Obama has sent the strongest signal yet for the upcoming Congress to take up new controversial cybersecurity information sharing legislation next year.

It comes days after the FBI said North Korea was "responsible" for the attack that crippled Sony's networks in a cyberattack launched in November.

President Obama said at his end-of-year press conference on Friday that he had a "cyber agency team look at everything we could do at the government level to prevent these kinds of attacks."

"We have been correlating with the private sector but a lot more needs to be done," Obama said.

He said he hoped Congress will in the new year work on "stronger cybersecurity laws that allow for information sharing across private sector platforms as well as the public sector."

This would help to prevent cyberattacks from happening "in the first place," he added.

The Obama administration and the soon-to-be-retiring Congress have failed to see eye-to-eye in the past two years on proposed cybersecurity legislation. The problem has been exacerbated by a series of high-profile attacks against U.S. businesses from state-sponsored hackers and lone-wolf hacker groups.

After the White House threatened to veto one controversial bill, dubbed the Cyber Intelligence Sharing and Protection Act (CISPA), new legislation made it through the Senate Intelligence Committee earlier this year.

Critics called the new bill, the similarly named Cybersecurity Information Sharing Act (CISA), an "even more toxic bill than the original CISPA bill." It will be debated and voted on by the full Senate in the new year.

CISA is designed to encourage ways of sharing information between government agencies and the private sector, including technology companies. It contains similar language to CISPA, its fallen predecessor. Critics warn the law, if passed, will allow private sector firms to search personal and sensitive user data of ordinary U.S. residents to identify "threat information," which can then be shared with other opt-in firms and the federal government -- without the need for a court-ordered warrant.

White House Economic Council Director Jeff Zients said at a Politico breakfast on Friday that there would be more executive action by the president in order to protect federal government assets.

"But in order to take this to the next level we need legislation," he said.

The White House has not yet publicly indicated whether or not the president would veto CISA, however.

The Sony hack, however, was severe enough for the Obama administration to consider it a "serious national security issue" on Thursday.

It's not clear if the severity of the Sony hack will indicate a change in stance on cybersecurity policy. Questions were left with the White House but were not returned at the time of writing.

With just shy of two weeks before sessions begin, all eyes are on the upcoming Congress to see if the new CISA bill gains traction among the new lawmakers.

Editorial standards