WASHINGTON — President Obama has unveiled proposals to protect businesses and the government from cyberattacks, including increasing the prosecution of crimes conducted through computer networks and toughening penalties for them.
Under the steps outlined by Obama, companies that share information about cyberthreats with the government would be shielded from liability.
The president promoted the initiatives — which would need congressional approval — at a Tuesday afternoon appearance at the National Cybersecurity and Communications Integration Center in Arlington, Va., part of a focus this week on cybersecurity and privacy in advance of his State of the Union address next week.
Obama, breaking with tradition, is dribbling out advance word of the agenda he will announce in the prime-time address.
The measure Obama is proposing would encourage companies to share cyberthreat information with the Department of Homeland Security’s cybersecurity center, which would swiftly pass it on to other government agencies and industry groups voluntarily formed to share such material. Companies would get “targeted liability protection” for doing so, the White House said, as long as they took steps to protect consumers’ personal information.
In addition, Obama is proposing to prosecute the sale of botnets, computer networks created to carry out cybercrime, and give courts the power to shut down those involved in denial of service attacks and other fraudulent activities.
He is also seeking to criminalize the overseas sale of stolen financial information like credit card and bank account numbers, and expand federal law enforcement authority to deter the sale of spyware used to stalk or commit identity theft.
The White House said the measure would update the organized crime law, the Racketeering Influenced and Corrupt Organizations Act, to apply to cybercrimes, including ensuring that the penalties associated with them are in line with other infractions.
The new effort comes a day after Obama called for federal legislation intended to force U.S. companies to be more forthcoming when credit card data and other consumer information are lost in an online breach like the kind that hit Sony, Target and Home Depot last year.
Concern about cybersecurity and safety has increased after the recent hack on Sony Pictures, which the U.S. government says was the work of the North Korean government. Obama has tried for three years to persuade Congress to pass a cybersecurity bill, and administration officials hope that the severity of the Sony attack and the hacking of retailers will change the political dynamic.
Businesses are still wary of new federal requirements, and Obama now faces a Congress controlled by Republicans who are skeptical of his proposals.
But initial reactions from some companies that would be affected were positive. Nicholas Ahrens, the vice president for cybersecurity and data privacy at the Retail Industry Leaders Association, said retailers had already set up a cyberintelligence sharing center and would continue to coordinate with American cybercrime officials.
“Collaboration between industry and government to share threat information is crucial in the fight against sophisticated and persistent cybercriminals,” he said in a statement.