President
Barack Obama is set to sign an executive order on Friday aimed at
encouraging companies to share more information about cybersecurity
threats with the government and each other, a response to attacks like
that on Sony Entertainment.
The
order sets the stage for new private-sector led “information sharing
and analysis organizations” (ISAOs) – hubs where companies share cyber
threat data with each other and with the Department of Homeland
Security.
It
is one step in a long effort to make companies as well as privacy and
consumer advocates more comfortable with proposed legislation that would
offer participating companies liability protection, the White House
said.
“We
believe that by clearly defining what makes for a good ISAO, that will
make tying liability protection to sectoral organizations easier and
more accessible to the public and to privacy and civil liberties
advocates,” said Michael Daniel, Obama’s cyber coordinator, in a
conference call with reporters.
Obama will sign the order at a day-long conference on cybersecurity at Stanford University in the heart of Silicon Valley.
The
move comes as big Silicon Valley companies prove hesitant to fully
support more mandated cybersecurity information sharing without reforms
to government surveillance practices exposed by former National Security
Agency contractor Edward Snowden.
Cybersecurity
industry veterans said Obama’s anticipated order would be only a modest
step in one of the president’s major priorities – the defense of
companies from attacks like those on Sony and Anthem Inc.
Obama
has proposed legislation to require more information-sharing and limit
any legal liability for companies that share too much. Only Congress can
provide the liability protection through legislation.
Businesses
are unlikely to share a lot of timely and “actionable” cyber
intelligence without liability relief, said Mike Brown, a vice president
with the RSA security division of EMC Corp.
“Until
that gets resolved, probably through legislation, I’m not sure how
effective continued information-sharing will be,” said Brown, a retired
Naval officer and former cyber official with the Department of Homeland
Security.
Senator
Tom Carper, the top Democrat on the Senate Homeland Security committee,
introduced a bill this week that incorporates much of Obama’s plan. But
Republicans control Congress, and they have yet to sign on to the idea.
“This
is an urgent matter and we are working with anyone that we can up on
the Hill to make that happen,” said Daniel, who had not yet reviewed
Carper’s bill.
Getting
a bill through Congress will require at least the support of big
Silicon Valley companies such as Google Inc and Facebook Inc.
Those
companies, however, have refused to give full support to cybersecurity
bills without some reform of surveillance practices exposed by Snowden
that have hurt U.S. technology companies’ efforts to win business in
other countries.
“Obviously there have been tensions,” Daniel told reporters.
“But
I think that’s the kind of thing where the only way to get at that is
to continue to have dialogue and to continue to engage, and the
president has been committed to that,” he said.
Google,
Facebook and Yahoo are not sending their chief executives to the
Stanford conference because of the rift, according to an executive at a
major technology company. Apple Inc Chief Executive Tim Cook will give
an address.
Obama
also will meet privately with some executives on Friday. They are
expected to press again for surveillance reform and support for strong
encryption, which some in the administration have faulted recently on
the grounds that it enables criminals and terrorists to hide their
activity.
Big
technology companies and a host of startups have been beefing up
encryption in Snowden’s wake to make blanket intelligence collection
overseas more difficult.
Posted by : Gizmeon
No comments:
Post a Comment