After an onslaught of digital attacks inflicted critical wounds on Sony, Westinghouse, Home Depot and scores of other businesses and consumers last year, President Obama is renewing a call for legislation to shore up the nation's cyber defenses. Experts tell the Pittsburgh Post-Gazette that while the proposal is a necessary step that could slow some attacks, it doesn't go far enough in stopping cyberattacks, particularly those on critical infrastructure. In his State of the Union address tonight, Obama will seek to require companies to notify consumers of a data breach within 30 days, make it illegal to sell botnets (software designed to control computers remotely) and allow law enforcement to pursue criminals selling stolen financial data overseas.
Experts say it won't stop the barrage of cyberattacks. “Absolutely not,” said Albert Whale of the cybersecurity firm ITSecurity. “Proposals don't get work done … (it) may be enough for executives and companies to finally spend the money to get started. We have to start somewhere; any first step we take is a step in the right direction.” Critical infrastructure such as systems operating electrical grids or nuclear facilities wouldn't gain significant protection under the president's proposal, says Joe Weiss of the cybersecurity firm Applied Control Solutions, LLC. Weiss said the proposed legislation focuses on protecting information technology systems and personal information far more than protecting physical systems.