Obama unveils proposed cybersecurity laws

By on
Obama unveils proposed cybersecurity laws

Wants to criminalise sale of botnets, stolen financial data.

US President Barack Obama wants to introduce new laws to prosecute those who sell botnets and stolen US financial data, and allow authorities to halt sales of spyware used to commit ID theft or stalk citizens.

Speaking overnight during a tour of the Department of Homeland Security's cyber security nerve centre, Obama renewed his push to strengthen his country's cyber security laws following recent large-scale attacks against the likes of Sony Pictures and Target.

He said such attacks had highlighted the need to secure financial systems, power grids and healthcare systems against malicious actors.

"We've got to stay ahead of those who would do us harm. The problem is that government and the private sector are still not always working as closely together as we should," Obama said.

Congress has tried and failed for years to pass legislation to encourage companies to share data from attacks with the government, and each other, but grappled with liability issues raised by companies and privacy concerns from civil liberties groups.

But Obama has proposed legislation, due to be sent to Congress today, that seeks a balance.

To address the challenges of information sharing, the US government has proposed to offer liability protection to companies that provide information in near real-time to the government, but require them to strip it of any personal data.

Obama has also floated allowing law enforcement to prosecute those who sell botnets and stolen US financial information such as credit card and bank account numbers. The authorities would also be able to "deter the sale" of spyware used to stalk or commit ID theft.

Under the proposed legislation, courts would have the power to shut down botnets used for distributed denail of services attacks.

The draft laws also include a national data breach reporting scheme. Obama has previously announced his intention to give businesses 30 days to notify cusomters if their personal information has been compromised.

With Reuters

Copyright © iTnews.com.au . All rights reserved.
Tags:

Most Read Articles

Log In

Username:
Password:
|  Forgot your password?