The Entertainment Software Association issued today via press release a statement in response to the data security proposal announced today by the White House:
Cyber attacks threaten our country’s security and prosperity. We commend President Obama’s leadership in providing law enforcement the tools necessary to detect and prosecute organized digital crime. Consumers need to be protected from illegal, malicious botnets and denial-of-service attacks. They deserve to enjoy an innovative and dynamic Internet free of this criminal activity. The Entertainment Software Association will work with the White House and Congressional leaders to fine tune these proposals and help enhance penalties for those who inflict consumer damage on a mass scale.
The Cybersecurity Legislative Proposal issued by the President aims to crack down on cyber threats and “modernize” law enforcement against that kind of attacks, which reached unprecedented levels in the past few years and culminated with the events in December:
Modernizing Law Enforcement Authorities to Combat Cyber Crime: Law enforcement must have appropriate tools to investigate, disrupt and prosecute cyber crime. The Administration’s proposal contains provisions that would allow for the prosecution of the sale of botnets, would criminalize the overseas sale of stolen U.S. financial information like credit card and bank account numbers, would expand federal law enforcement authority to deter the sale of spyware used to stalk or commit ID theft, and would give courts the authority to shut down botnets engaged in distributed denial of service attacks and other criminal activity. It also reaffirms important components of 2011 proposals to update the Racketeering Influenced and Corrupt Organizations Act (RICO), a key piece of law used to prosecute organized crime, so that it applies to cybercrimes, clarifies the penalties for computer crimes, and makes sure these penalties are in line with other similar non-cyber crimes. Finally, the proposal modernizes the Computer Fraud and Abuse Act by ensuring that insignificant conduct does not fall within the scope of the statute, while making clear that it can be used to prosecute insiders who abuse their ability to access information to use it for their own purposes.
National Data Breach Reporting: As announced yesterday, the Administration has also updated its proposal on security breach reporting. State laws have helped consumers protect themselves against identity theft while also encouraging business to improve cybersecurity, helping to stem the tide of identity theft. These laws require businesses that have suffered an intrusion to notify consumers if consumers’ personal information has been compromised. The Administration’s updated proposal helps business and consumers by simplifying and standardizing the existing patchwork of 46 state laws (plus the District of Columbia and several territories) that contain these requirements into one federal statute, and puts in place a single clear and timely notice requirement to ensure that companies notify their employees and customers about security breaches.
Among other things, the proposal targets botnets, which are the main tool used to perform the kind of DDOS attacks that wrecked the PSN and Xbox Live during the Holidays, and it’ll be interesting to see its effects.
Completely preventing DDOS attacks seems to be an almost impossible mission, but at least partly removing botnets from the picture would possibly make them more difficult and costly to execute.
You can find the full release from the White House here.