CIOs Eye Obama Cybersecurity Push with ‘High Level of Interest’

President Barack Obama's proposed policy initiative enabling cybersecurity information sharing, modernizing laws that will make it easier to prosecute cybercriminals, and the national notification law that would give companies 30 days from the time a breach is discovered to notify consumers are points of contention with chief information officers and security experts. Some feel that 30 days is a pretty high bar, while others say 30 days is too much time. The cyber information sharing proposal will also likely be a point of contention.

“It’s a wolf in sheep’s clothing,” said John Pescatore, director of emerging security trends at SANS Institute, a cybersecurity research and education organization. A key factor will be whether some of the proposals promise enough in terms of practicality to overturn established concerns. The national breach notification law is of interest to businesses because it would eliminate the dozens of state and local statutes that they deal with now. Regardless of what President Obama announces, it will take a while for the US to fully flesh the “ins and outs of the challenges for all companies to respond in a way that is compliant,” says Shawn Wiora, CIO and CISO of health-care provider Creative Solutions in Healthcare LLC. Still, he said, corporate America requires more cybersecurity standards because the country is under attack by foreign entities and malicious hackers. “At the end of the day, the government has got to become more involved in cybersecurity. What President Obama is doing is welcomed by all CIOs.”