Modern field guide to security and privacy

Obama to issue executive order promoting cyberthreat information sharing

At a White House summit on cybersecurity at Stanford University on Friday, Obama is expected to spell out details for how private companies and the government can share details on digital threats and vulnerabilities.

Evan Vucci/AP
President Obama pressed Congress to pass cybersecurity legislation in a January speech at the National Cybersecurity and Communications Integration Center in Arlington, Va.

After years of stressing the need for better cyberthreat intelligence sharing between the private sector and government, President Obama is expected to issue an executive order on Friday directing the two sides to collaborate more closely on the issue.

The action should spell out the ground rules for threat information sharing between businesses and government agencies, and will offer a measure of liability protection for companies that engage in it.

It comes after multiple failed attempts by the Obama administration to pass cybersecurity legislation with similar goals. In fact, it arrives exactly one year after a directive from Obama that laid out a similar goal but appears not to have gained much traction.

White House Cybersecurity Coordinator Michael Daniel announced the president’s plan at a Thursday press briefing. Mr. Daniel said the action will further the nation’s cybersecurity goals and enable the Department of Homeland Security to do a better job of managing the information flow from the private sector.

The president plans to make the announcement at a White House Summit on Cybersecurity and Consumer Protection at Stanford University where he will meet with some 1,000 corporate executives to discuss ways to improve the nation’s defenses against cyberthreats.

The summit and the executive action are part of an ongoing effort by the administration to respond to the growing concerns spawned by recent attacks on companies such as Sony Pictures, Anthem, JPMorgan Chase, Target, and Home Depot. These attacks have compromised personally identifiable information and payment card data for tens of millions of consumers.

In his keynote address at the summit and in meetings with technology leaders at the event, Obama and his team are expected to hammer home the need for private sector companies to engage more actively with each other and the government to address the vulnerabilities that have resulted in such breaches.

Earlier this week, the White House announced a new Cyber Threat Intelligence Integration Center (CTIIC) that has already been tasked with producing coordinated cyberthreat assessments based on information gathered from private companies and existing cyber centers.

The increased attention on information sharing by the White House could begin to nudge more companies to participate in it. The idea is that by mutually sharing information on certain threat indicators — such as malware code, registry keys, file paths, and malicious IP addresses — organizations can bolster their ability to detect and defend against cyberthreats.

Sector-specific information sharing and analysis centers, such as those maintained by the financial services sector and defense industrial base companies, have been doing this sort of collaboration effectively for years.

But many companies, especially publicly traded ones, have been reluctant to release sensitive information because of potential liability concerns involved with such information sharing. The concern is that private and protected information could be inadvertently included in the threat information shared by companies with the government.

Privacy rights advocacy groups have stridently opposed information sharing with the government over such concerns. Issues with the actual mechanisms that are needed to exchange threat information between companies have also been an inhibitor.

For Obama’s initiative to succeed, the executive order — or any legislation that comes in its wake — will need to address such concerns.

“The executive order is going to go a long way in generating more discussions on how we can share information between the public and private sector,” said Phil Smith, senior vice president of government solutions at security company Trustwave. “But I do think there has to be some sort of legislative action to give those lawyers in private companies some measure of protection against lawsuits,” stemming from information sharing, he said.

The role that the new White House threat intelligence center will play in analyzing and disseminating threat information is also key, said Christopher Pierson, general counsel and chief security officer at Viewpost, a payment platform and supplier of an online invoicing platform.

“Overall, the key to information sharing is quality of data, actionable data, and speed at which it is delivered to others,” said Mr. Pierson. “How does information flow, to whom, what is the analysis, and who is responsible.”

Adding a new office to handle threat intelligence could also add complexity and confusion to the process, he said.

“Right now, we have several government, private sector, and even corporate-sponsored sharing centers,” in addition to several state and federally funded efforts, said Pierson. “So one more agency might be better if it ties the data, provides bi-directional information sharing, and speed across all sectors. But it may also be another layer.”