President Obama is urging companies to share information about security threats with each other and with the government, but how companies respond remains an open question.
Obama spoke today at the White House Summit on Cybersecurity and Consumer Protection at Stanford University. He signed an executive order intended to promote the sharing of cybersecurity information, calling such sharing "an essential element of effective cybersecurity because it ensures that U.S. companies work together to respond to threats, rather than operating alone," according to a White House briefing paper.
The event follows by just a few days the massive pilfering of customer data by hackers who broke into the Anthem Insurance system, just the latest in of a near-constant series of computer hacking incidents these past few years, attacking private businesses, government organizations, financial institutions and any customers they serve.
Early in the day's proceedings, President Barack Obama gave a speech and then signed an executive order urging companies to share information about security threats with each other and the government.
The White House invited several major tech companies to send representatives to the summit, but Apple's Tim Cook was the only CEO scheduled to appear; the heads of Google, Facebook and Yahoo all declined to attend the conference.
In the past, all of those companies (including Apple) have clashed with the federal government over various privacy issues, especially regarding how much spying the federal government does on its own citizens, and how much the tech companies should be forced to help the government with this spying.
Cook made headlines for Apple last September when, during an interview with PBS' Charlie Rose, he obliquely criticized U.S. government's mass, warrantless surveillance of its citizens, and other revelations exposed by former NSA whistleblower Edward Snowden.
The White House said earlier that a number of organizations and companies would be making commitments to increase their cybersecurity, including:
- The Cyber Threat Alliance (including Palo Alto Networks and Symantec, Intel Security, and Fortinet) will announce that its new cyber threat sharing partnership is starting to build best practices and standards consistent with the new information sharing Executive Order.
- The Entertainment Software Association is announcing the creation of a new information sharing and analysis organization that will be built consistent with the new information sharing Executive Order.
- Crowdstrike is announcing that it will form an information sharing and analysis organization.
- Box is announcing that it will participate in the standards-development process for ISAOs, and that it will explore ways to use the Box platform to enhance collaboration among ISAOs.
- FireEye is launching its “Information Sharing Framework,” which allows FireEye customers to receive threat intelligence in near-real-time, and provides anonymized threat indicators