
How the State of the Union Will Affect American Information Security

Nick Gagalis | January 26, 2015

In his 2015 State of the Union Address, President Barack Obama mentioned the importance of improving America's cybersecurity and what he believes it will take to make it happen. Below is a review of the most interesting statements and initiatives mentioned in the address or recent media coverage, and the potential impact each could have on American Information Security.

  • The President wants companies and the government (namely the Department of Homeland Security) to work together more frequently, and also wants information sharing between companies to happen more often. He asked Congress to approve legislation in support of the former, in hopes that it would reduce the number of successful cyber attacks on American companies.

It is safe to expect that information sharing between companies and federal organizations will become a more common practice. Several industries, such as financial services and retail, have already created robust information sharing organizations.


“No foreign nation, no hacker, should be able to shut down our networks, steal our trade secrets, or invade the privacy of American families,” Obama said. “We are making sure our government integrates intelligence to combat cyber threats, just as we have done to combat terrorism.”

It's intriguing to see any sort of parallel drawn between terrorism and cyber attacks. Obama called the Sony Hack an act of cyber vandalism back in December, and was careful not to call it a terrorist attack.

  • Obama wants the government to pass and enforce a federal data breach statute with a 30-day notification requirement from discovery of a breach to its corresponding report.

Some security experts believe it won't be easy to completely account for the details of a breach after a month, let alone disclose them to potentially affected parties. However, there is still support for the initiatives Obama is trying to pass. Congress discussed the national breach notification law for the first time on Tuesday, Jan. 27. The law is focused on how companies handle breaches once they've happened, not on trying to prevent them in the first place.

Much like penetration tests and vulnerability scans, cyber war games let both sides "rehearse" their responses to an attack and see where those responses are weak. This move will help both countries be more prepared in the event of a major attack, and it's good to see the government adopting more proactive security strategies.
