How the State of the Union Will Affect American Information Security

In his 2015 State of the Union Address, President Barack Obama mentioned the importance of improving America's cybersecurity and what he believes it will take to make it happen. Below is a review of the most interesting statements and initiatives mentioned in the address or recent media coverage, and the potential impact each could have on American Information Security.

• The President wants companies and the government (namely the Department of Homeland Security) to work together more frequently, and also wants information sharing between companies to happen more often. He asked Congress to approve legislation in support of the former, in hopes that it would reduce the number of successful cyber attacks on American companies.

It is safe to expect that information sharing between companies and federal organizations will become a more common practice. Several industries-- such as financial services and retail-- have already created robust information sharing organizations.

“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families,” Obama said. “We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism."

It's intriguing to see any sort of parallel drawn between terrorism and cyber attacks. Obama called the Sony Hack an act of cyber vandalism back in December, and was careful not to call it a terrorist attack.

• Obama wants the government to pass and enforce a federal data breach statute with a 30-day notification requirement from discovery of a breach to its corresponding report.

Some security experts believe it won't be easy to completely account for the details of a breach after a month, let alone disclose them to potentially affected parties. However, there is still support for the initiatives Obama is trying to pass. Congress discussed the national breach notification law for the first time on Tuesday, Jan. 27. The law is focused on how companies handle breaches once they've happened, not on trying to prevent them in the first place.

• The UK and US have agreed to test each other's cybersecurity through a series of cyber war games in 2015.

Much like penetration tests and vulnerability scans, cyber war games let both sides "rehearse" their responses to an attack and see where their weaknesses are when it comes to a response. This move will help both countries be more prepared in the event of a major attack and it's good to see the government adopting more proactive security strategies.