President Barack Obama has said that his proposed cybersecurity legislation is expected to bolster the private sector’s defenses. Later tonight, he is expected to urge Congress and the American public to embrace the Cyber Intelligence Sharing and Protection Act during his State of the Union address. The measure, known as CISPA, was unveiled a week ago and is controversial because it allows companies to share cyber threat information with the Department of Homeland Security—data that might include their customers’ private information.

White House

The proposal by Obama, who once threatened to veto similar legislation, comes in the wake of the December hack of Sony Pictures Entertainment and breaches of giant retailers including Target.

But new research out Tuesday from George Mason University calls into question how effective Obama’s proposal would be. That’s because the federal government’s IT professionals as a whole have “a poor track record in maintaining good cybersecurity and information-sharing practices.” What’s more, the federal bureaucracy “systematically” fails to meet its own federal cybersecurity standards despite billions of dollars in funding.