U.S. President Barack Obama signed an executive order Friday that marks his administration’s most significant attempt to simplify the sharing of information about cyberattacks between the public and private sectors, as well as within the latter. The order came after a number of devastating hacks of U.S. companies and amid heavy criticism that the White House’s efforts to protect the country against hackers have fallen short.
Obama announced he signed the executive order during a speech at Stanford University in California. The new initiative would help get “all of us working together to achieve what none of us can do alone,” the president said.
“I’ve been grappling with how government protects the American people from adverse events while at the same time making sure the government itself isn’t abusing its capabilities. It’s hard,” Obama said. “This cyberworld is the Wild West, and to some degree we’re asked to be the sheriff.”
Under the executive order, the Department of Homeland Security will become the hub between the government and companies attempting to share security data. Firms that choose to participate will alert their peers as well as the DHS about new information centered on cyberattacks or malware. Participation will be voluntary.
The DHS has been added to the list of federal agencies allowed to OK classified-information sharing arrangements. Security professionals have previously complained that threats they have reported to the government were classified as secret, effectively ending their attempts at cooperating with the government. Giving the DHS more discretion could solve this problem.
Obama cited the possibilities of air-traffic-control stations becoming inoperable and citywide power outages as indications the Internet “creates new forms of vulnerability that we didn’t have before.” He suggested the challenge “of how we secure this digital world is only going to increase.”
The president has dedicated much of his energy to cybersecurity since the Sony Pictures Entertainment unit of the Sony Corp., health insurer Anthem Inc. and several other companies were victimized in high-profile hacks.
American International Group Inc., Apple Inc., the Bank of America Corp., the Intel Corp., QVC Inc., Walgreens Boots Alliance Inc. and others have already agreed to participate, but some of the biggest technology heavyweights are conspicuously absent. CEOs of Facebook Inc., Google Inc. and Yahoo Inc. sat out the speech, complaining that years of discussions with the government about its data-collection policies have yielded little progress.
One technology executive who was on hand for Obama’s remarks told the New York Times that the president’s plan is “a stupid approach.” Much of the plan relies on the willingness of Silicon Valley to trust the U.S. intelligence community after tech leaders have for years felt stifled by the way the FBI, National Security Agency and other arms of the government collect data.
Eric Grosse, Google’s vice president of security and privacy, told the Times the issue is “a source of continuing tension. ... The government is realizing they can’t just blow into town and let bygones be bygones. Our business depends on trust. If you lose it, it takes years to regain.”