President Barack Obama signed an executive order at a Stanford University summit encouraging the private sector to share cybersecurity threat information with other companies and the U.S. government.
“Just as we are all connected like never before, we have to work together like never before, both to seize opportunities and to meet the challenges of this information age,” Obama said at Friday’s Summit on Cybersecurity and Consumer Protection.
The 21st century will be marked by cybersecurity issues, and how the country addresses those problems could make or break the fabric of our society, Obama and panelists from U.S. companies who took part in the summit said.
Since the first computer virus in the 1980s, the world has been in a cyber arms race, Obama said. The need to keep up with — and surpass — the threats posed by attackers is constantly evolving, he added.
“It is one of the great paradoxes of our time that the very technologies that empower us can also be used to undermine us,” he said.
The cyber threats “pose one of the most serious economic challenges that we face,” he added.
The nation’s power grids and critical financial, health and air traffic control systems are all run on systems connected to the Internet and create levels of vulnerability never seen before, Obama said.
“Foreign governments are probing these systems every day,” Obama said.
Cyber threats are challenges to U.S. national security, as the U.S. military and defense contractors are targeted by hackers from China and Russia.
American companies doing trillions of dollars of business are targeted by hackers for their trade secrets and intellectual property, he said, citing as an example the hacking of large amounts of email and other data from the Sony Pictures company by the North Korean government.
Banking and other online systems used by consumers are also at risk, he said.
“This problem of how we secure this digital world is only going to increase,” Obama said.
The executive order advises companies to create information sharing and analysis organizations or “hubs” based on regions, affinities or in response to a particular threat. Companies would share information with each other and with the National Cybersecurity and Communications Integration Center about potential cyber threats.
The order encourages companies to use the National Institute of Standards and Technology cyber security framework, which was approved by Obama through an executive order in February 2013. The framework helps businesses identify their security needs, manage risks and create solutions.
Under the order, the information sharing would be voluntary and includes more government disclosure of classified threat information so that private network operators can more easily protect their systems.
The order also calls on the Department of Homeland Security to fund the creation of a nonprofit to develop a common set of voluntary standards for the information sharing organizations.
Privacy and civil liberties protections in the order are based on standards outlined in the Fair Information Practice Principles. Agencies are required to annually review their practices and file reports on the assessments with the Department of Homeland Security Chief Privacy officer and the DHS Office for Civil Rights and Civil Liberties.
Also at Friday’s summit, U.S. Department of Homeland Security Secretary Jeh Johnson moderated a panel on public and private collaboration on cybersecurity with the chairmen and chief executives of American Express, PG&E, Kaiser Permanente and Palo Alto Networks.
A second panel overseen by U.S. Commerce Secretary Penny Pritzker discussed cyber threats to companies and consumers with top executives of MasterCard, AIG, Intel and Bank of America.
Other speakers included National Security Council members Lisa Monaco and Jeff Zients, Apple CEO Tim Cook and Stanford President John Hennessy.
Monaco said that since 2009 the number of data breaches in the U.S. has increased five-fold. The scale and sophistication and severity of the breaches is unprecedented and transformational, she said.
“I worry that attacks like the one at Sony could be the norm,” she said.
Cook noted that in 2013, more than 13 million Americans were victims of identity theft.
“The personal impact of these security breaches can be devastating, and it costs our economy billions of dollars every year,” he said.
PG&E Chairman and CEO Anthony Earley Jr. emphasized the importance of collaborations between competing companies and between the private sector and government.
“It can’t be adversarial. This has to be like a new Manhattan Project where government and the private sector work together on this real and pernicious threat,” he said.
Ken Chenault, chairman and CEO of American Express, said that information sharing may be the single most impactful tool in fighting cyber attacks. But Congress needs to pass legislation for liability protection for businesses. Current law has not kept up with technology, he said.
A law from the early 1990s limits his company’s contact of members by mobile phone in most cases, so the company can’t sent texts about fraud alerts, for example, he said. Having that capacity would improve security 10-fold over night, he said.
But Nuala O’Connor, president and CEO of the Center for Democracy & Technology and Apple CEO Tim Cook stressed the importance of privacy and civil liberties protections in this Brave New World of cybersecurity.
“The wholesale collection of data into the hands of the government is not a great solution,” O’Connor said.
Cook also urged thoughtfulness in the cybersecurity program.
“”We still live in a society that is not equal,” he said of religious, political, gender, sexual and other differences. “A world of information can mean the difference between life and death. If we fail to protect privacy, we risk more than losing money. We risk losing our way of life. Technology gives us the tools to avoid this risk,” he said.
Around 4:40 p.m. Friday, Obama was expected to attend a Democratic National Committee fundraiser at a private residence in San Francisco.
The president will fly out of San Francisco International Airport on Saturday to Palm Springs in Southern California.
The president last visited the Bay Area in October on a fundraising trip.
Check out the Palo Alto Weekly’s Storify for photos and videos from the summit.
What do you expect..? Obama’s daughter applied to Stanford. Something along the lines of nepotism
Tim Cook’s and O’Conner’s comments about the importance of privacy and protection of our civil liberties need to be heeded! There will always be self created complex calamities in our society, we just can’t compromise our basic rights and freedoms to help fix the next escalating threat.