Obama set to push cybersecurity data-sharing
Fri 13 Feb 2015
President Barack Obama is preparing to sign a new executive order today which urges organisations to share information on cybersecurity threats with the White House and each other – a decision sparked by recent attacks including that on Sony Pictures last November.
The order will set in place the new ‘information sharing and analysis organisations’ (ISAOs) initiative which aims to encourage companies to share data on cyber threats among themselves and with the Department of Homeland Security.
The White House has said that the community is the next step in making businesses aware of and more familiar with security legislation, offering participating companies liability protection.
“We believe that by clearly defining what makes for a good ISAO, that will make tying liability protection to sectoral organizations easier and more accessible to the public and to privacy and civil liberties advocates,” said Obama’s cyber coordinator, Michael Daniel.
The order will be signed by Obama at a day-long cybersecurity conference held at Stanford University, California.
The new effort comes as large US tech companies hesitate to cooperate with mandated cybersecurity data sharing – that is until reforms are considered for government surveillance activities, such as those exposed by National Security Agency (NSA) whistle-blower Edward Snowden.
Cybersecurity experts believe that Obama’s order will only mark small progress in the government’s effort to protect large firms from attacks like those on Sony Pictures and Anthem.
The legislation proposed by the President would require more intelligence-sharing, as well as place limits on legal liability for companies that share too much. Only Congress would have the power to provide liability protection.
Mike Brown, vice president of the RSA security division at EMC said that companies would be hesitant to share “timely and actionable” cyber intelligence without liability relief.
“Until that gets resolved, probably through legislation, I’m not sure how effective continued information-sharing will be,” added Brown.
Tom Carper of the Senate Homeland Security committee introduced a new bill earlier this week which covers Obama’s main objectives in cybersecurity. However the Republicans, currently in control of Congress, have yet to sign on to the idea.
“This is an urgent matter and we are working with anyone that we can up on the Hill to make that happen,” said Daniel.
To get Carper’s bill through Congress will require support from big tech players in Silicon Valley such as Facebook and Google, who have refused to fully back cybersecurity bills until a number of reforms are implemented on government surveillance programmes which have damaged their international expansion plans.
“Obviously there have been tensions,” Daniel continued. “But I think that’s the kind of thing where the only way to get at that is to continue to have dialogue and to continue to engage, and the president has been committed to that.”
The CEOs from Google, Yahoo and Facebook will not attend the Stanford University conference today because of the feud. Apple CEO Tim Cook will be delivering an address.
Obama is also expected to meet with executives today to further push for reforms in cybersecurity and encourage support for encryption, which others have detracted for facilitating criminal activity.