President Obama this past week signed an executive order calling on the private sector and government to formally share cybersecurity threat information. Noting that frictionless information sharing was key to this effort, president Obama said that US companies and the government should work hand-in-hand to help thwart cyber-attacks.
“Government cannot do this alone,” the president said at an appearance at a recent Cybersecurity Summit in Palo Alto, California, where he signed the order. “The fact is that the private sector can’t do this alone either. It’s government that often has the latest information on these new threats.”
At the summit, President Obama also met with CEOs and other top executives from tech companies such as Apple and Intel, and other firms such as AIG, Bank of America, Kaiser Permanente, Pacific Gas & Electric, QVC, US Bank and Walgreens. Microsoft was curiously omitted from the list of companies attending, though the software giant separately said that Scott Charney, Microsoft’s corporate vice president of Trustworthy Computing, represented the firm at the event.
(The CEOs of Facebook, Google and Yahoo were all invited to the summit, but like Microsoft they sent their top security officials instead.)
Obama’s order is in many ways a formalization and expansion of a previous Cyber Threat Alliance in which security solutions providers like Fortinet, Symantec and others have agreed to share information about security threats. But the order expands this sharing throughout the private sector to involve banks, retailers, and other companies. And it course expands the sharing to include the US government as well.
The order is also just a step towards a more secure future. President Obama would like for a more comprehensive bill to be introduced in Congress that could lead to a modernization of how the government and corporations of all kinds alert customers of security breaches. He cited many recent electronic attacks—Anthem Health Insurance, Apple, Home Depot, Sony, and Target among them—as proof that the threat is only getting worse and asked Congress to rise above the usual partisan rhetoric.
“This should not be an ideological issue,” he said. “This is not a Democratic or Republican issue. Everybody’s online and everybody’s vulnerable.”
Held as it was in Silicon Valley, the Summit garnered big support from Apple, which is both the world’s largest consumer electronics company and perhaps the most aggressive in modernizing electronic payments. Apple CEO Tim Cook marketed Apple Pay during his appearance, of course, but he also spoke of the need for privacy controls to be part of any US cybersecurity laws.
“We must get this right,” he said at the event. “History has shown us that sacrificing our right to privacy can have dire consequences. We still live in a world where all people are not treated equally. Too many people do not feel free to practice their religion, or express their opinion, or love who they choose … If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money. We risk our way of life.”
Apple also pledged to adopt Obama’s framework for security protocols across its “corporate networks,” which includes public-facing services such as iTunes, iCloud and Apple Pay. Under the guidelines of this framework, companies like Apple that store personal data will adopt more rigorous security practices than those that do not.
As for Microsoft, the software giant noted that it supports Obama’s cybersecurity initiatives, and it took this opportunity to promote its coming password-less two-factor authentication scheme for Windows 10, which I wrote about yesterday on Thurrott.com.