Days after a data breach affecting 80 million customers of health insurer Anthem was disclosed, President Barack Obama on Friday urged U.S. firms to join the fight against cyberattacks, which he said were among the greatest threats to U.S. national security.
Obama made his case before corporate chief executives and consumer and privacy advocates at a White House-sponsored conference on cybersecurity and consumer protection at Stanford University in California.
He used the occasion to sign an executive order laying out a framework for companies to share data about cyberthreats with each other and the government.
The president said the public and private sectors have a shared mission in combating cyberattacks.
“So much of our computer networks and critical infrastructure are in the private sector, which means government cannot do this alone," he said. "But the fact is the private sector can’t do it alone, either, because it is government that often has the latest information.”
Obama said industry and government must work together as partners while evolving to deal with these new threats.
Good idea, CEO says
David Ulevitch, CEO of California-based security firm OpenDNS, welcomed the initiative, saying the two sectors have different capabilities and should work together.
He said private companies have "a view of the world that even maybe even the clandestine services have not yet moved forward to. We have at our company a whole data research team that is analyzing Internet data, and so we have information that could be of use in providing a more complete picture."
But collaboration may not come easily, with American tech companies still angry about data collection by the National Security Agency's surveillance program. Many firms have been working to win back customers’ trust after the surveillance raised privacy concerns.
Companies have also resisted government efforts to stop data encryption.
During his speech at the conference, Obama acknowledged the struggle between privacy and protection. “Grappling with how government protects the American people from adverse events, while at the same time making sure the government itself is not abusing its capabilities, is hard," he said.
Obama said the government has to constantly be self-critical and be open to debate in order for such barriers to be broken down.
The executive order the president signed Friday paves the way for legislation that would give companies protection from lawsuits when they share cyberthreat data. He urged Congress to act on the issue, saying cybersecurity is not an ideological issue.
New federal agency
Obama spoke days after the administration announced the creation of a new agency, the Cyber Threat Intelligence Integration Center, aimed at pooling and disseminating information on cyberthreats.
Currently, no single government agency is responsible for coordinating cyberthreat assessments, sharing information rapidly among existing agencies and providing timely intelligence to policymakers, said Lisa Monaco, assistant to the president for homeland security and counterterrorism.
However, Robert Graham, a security developer and CEO of the cybersecurity firm Errata Security, criticized creation of the new agency as “more bureaucracy” and said it would do nothing to improve what he called the government’s technical incompetence in thwarting cyberattacks.
“It’s the same thing they’re already doing over at US-CERT [Computer Emergency Readiness Team], over at [the Department of] Homeland Security, which has failed," Graham said. "It’s pretty much another organization with the same mission.”
Despite the skepticism, both administration officials and tech CEOs say discussion of the best ways to fight cyberattacks comes at an important time, as millions of Americans have seen their personal and financial information compromised just in the past year.
In addition to the Anthem case, there have been high-profile hacker attacks against Sony Pictures Entertainment, Target, Home Depot, eBay and JPMorgan Chase.
The U.S. government also has suffered cyberattacks, including the hacking of unclassified computers at the White House and State Department, as well as the Twitter and YouTube accounts of U.S. Central Command, which oversees the military campaign against Islamic State militants in Iraq and Syria.
Some of the attacks have been blamed on hackers in Russia, China and North Korea.
