President Barack Obama signed an executive order on Friday designed to spur businesses and the Federal Government to share with each other information related to cybersecurity, hacking and data breaches for the purpose of safeguarding U.S. infrastructure, economics and citizens from cyber attacks. He signed the order in front of an audience at Stanford University during his keynote address for the White House’s Summit on Cybersecurity and Consumer Protection.
Obama’s speech started off relatively light-hearted with the President pointing out how much technological innovation could be traced back to Silicon Valley and Stanford and even joking that the big webscale companies of [company]Yahoo[/company] and [company]Google[/company] “were pretty good student projects.”
Things took a turn to the dark side, however, with Obama segueing into the devastation that modern-day technology can bring as exemplified by the major data breaches we’ve seen at Sony Pictures Entertainment and insurance provider Anthem.
The new executive order is supposed to help nullify future attacks with the idea that companies have information related to data breaches that could be helpful to the Federal Government and vice versa.
“So much of our computer networks and critical infrastructure are in the private sector, which means government can’t do this alone,” Obama said. “But the fact is that the private sector can’t do it alone either, because it’s government that often has the latest information on new threats.”
With the new executive order, Obama wants both the private and public sector to create hubs where they can trade information with each other and respond to threats “in as close to real time as possible,” according to the executive order.
Obama insisted at several points throughout his speech (and in the executive order itself) the need to balance privacy concerns with national security concerns, a hot topic that has privacy advocates worried that giving government access to business and personal data will lead to intelligence agencies overstepping their boundaries.
“I have to tell you that grappling with how the government protects the American people from adverse events, while at the same time making sure that government itself is not abusing its capabilities, is hard,” said Obama.
Indeed, this delicate line between privacy and security led to senior executives from Google, Yahoo and [company]Facebook[/company] declining to attend the security summit. It’s no secret there’s been bad blood between these companies and the U.S. government ever since the leaked Edward Snowden documents detailed the government’s data-collection methods as they relate to the tech giants.
Ironically, Facebook earlier this week revealed its own collaborative-threat detection framework dubbed ThreatExchange, in which its purpose is to provide an online hub (hosted by Facebook, of course) where companies can exchange security-related information in order to prevent further data breaches and hacks. Among the companies participating with Facebook on the project are Pinterest, Tumblr, [company]Twitter[/company] and Yahoo.
While ThreatExchange allows the trading of security data, it’s probably not exactly what the U.S. government is looking for since its only available for businesses to tap into.
Whether the private sector wants to voluntarily disclose more information to the U.S. government in the name of security remains to be seen, but in the time being, it’s looking like companies are at least open to sharing information with each other sans government.