Continuing his push for stronger cyber security and his willingness to use executive authority to jumpstart security initiatives, as anticipated President Obama signed an Executive Order (EO) Friday meant to urge organizations to share cyber threat intelligence with each other and government.
Noting in a speech at the Cybersecurity and Consumer Protection Summit at Stanford University, that “it's not appropriate or even possible for government to secure the computer networks of private businesses,” Obama said the only way to defend the country from cyber threats is "through government and industry working together, sharing appropriate information as true partners.”
The EO calls for the creation of information sharing and organizations (ISAOs) where threat intelligence could be shared among companies and the Department of Homeland Security (DHS) as well as voluntary information standards for industry to follow.
The EO will also give DHS the “authority to enter into agreements with information sharing organizations,” according to information released by the White House in preface of the summit.
Larry Clinton, head of the Internet Security Alliance (ISA), reaffirmed in a statement ISA's belief that “the President's EO is the single most visionary statement of any world leader on cyber security, and we made great progress in the first step, which was the NIST framework.”
The president's call to action drew a metaphoric round of applause from many in the security industry, business and government as a clear step in the right direction to bolster the country's cyber resilience and help companies better fend off the kind of attacks that felled Sony Pictures, Home Depot and others. But it also raised a bevy of concerns, chiefly among them, the likelihood of increased government spying and how shifting regulations would affect companies' own policies.
Frank Keating, president of the American Bankers Association, issued a statement praising “the steps taken by the administration today,” saying it would “help the business community and government agencies share critical threat information more effectively.”
Financial institutions have been particularly hard hit by cyber-attacks and Keating expressed the need for helping “businesses improve their awareness of threats and enhance their response capabilities.”
No doubt, it was both symbolic that the White House chose Silicon Valley as the locale to hold the summit, which featured Apple, Inc. CEO Tim Cook as the morning keynote speaker, and unveil the EO.
The government DHS has been spending a lot of time trying to both raise cybersecurity awareness with the public and woo firms in that tech-rich area and seize on their innovation, to modernize government's cybersecurity stance.
In an interview with SC Magazine last fall, Phyllis Schneck, deputy under secretary for cybersecurity for the National Protection and Programs Directorate (NPPD), the chief cybersecurity official for the U.S. DHS, said her agency wanted “to combine the policy developed on the East Coast with open creativity out West.”