Obama pitches cybersecurity agenda to Silicon Valley

President Obama took to Stanford University on Friday to sell the tech community on his plan to expand the cybersecurity partnership between the government and private sector.

“When we had to decide where to have his summit, the decision was easy because so much of our information age started here, at Stanford,” Obama said during his 30-minute speech at a day-long White House cybersecurity summit.

With more than 1,000 people in attendance, thousands more watching online and a public awareness campaign leading up to the event, the White House day-long cybersecurity summit was a big bully pulpit for the administration.

{mosads}It was a chance for the administration to pitch its cyber strategy to a country increasingly worried by the rise of cyberattacks on high-profile companies such as JPMorgan Chase and Sony Pictures, and on federal agencies like the State Department and U.S. Central Command.

“Foreign governments and criminals are probing theses systems every single day,” Obama said. “This problem of how we secure this digital world is only going to increase.”

The administration has lost the trust of many in the tech and privacy community for its perceived inability to rein in the National Security Administration (NSA) following the discovery of several secret NSA spy programs.

“Grappling with how government protects the American people from adverse events, while at the same time making sure the government itself is not abusing its capabilities, is hard,” Obama said. “This cyber world is sort of the Wild Wild West, and to some degree we’re asked to be the sherif.”

Obama plied all parties involved with an executive order signed during the summit.

The order outlines a vision of how companies can better share cyber threat data with one another and eventually with the government. It also directs the Department of Homeland Security (DHS) to develop a list of voluntary privacy and security guidelines to govern that sharing.

The measure is intended to entice firms to exchange data across sectors, mitigate privacy concerns about sharing sensitive information and convince lawmakers to pass legislation that would allow industry to then share that data with the government.

“We’re going to have to break through some of these barriers that are holding us back if we’re going to continue to thrive,” Obama said.

Obama’s executive action punctuated his remarks. It was the expected next step in the White House’s revived push to get its cyber agenda through Congress.

In January, the administration issued three cybersecurity legislative proposals. The measures aim to better protect student data, create a federal standard for data breach notifications, establish baseline data security standards, and facilitate cyber threat information-sharing between the public and private sector.

It’s the information-sharing component that has driven the most conversation and controversy.

Officials, lawmakers and industry groups argue a freer flow of cyber data is needed to strengthen the country’s lagging cyber defenses.

“We’re going to have to be smart and efficient and focus on what each sector does best, then do it together,” Obama said Friday.

But privacy advocates have worried the government might abuse this new source of sensitive information.

The conflict between the two sides has derailed previous attempts to get an info-sharing bill through Congress.

Obama believes Friday’s executive order will help resolve those conflicts, and pave the way forward for information-sharing efforts.

The order encourages private firms to share their cyber data with yet-to-be-created Information Sharing and Analysis Organizations (ISAOs). In the order, the administration said it envisions these ISAOs as membership organizations or single companies collecting information based on a regional affiliation or a specific type of cyber threat.

Most existing industry cyber data exchanges occur within a single sector, such as healthcare or finance.

Companies would be given legal liability protection when sharing data with ISAOs, shielding them from potential shareholder lawsuits should the data expose a network flaw. ISAOs would then share the data with the DHS, adhering to the privacy and security guidelines the department creates.

Speaking earlier in the day, DHS Secretary Jeh Johnson insisted security “means striking a balance between basic physical security and the things we cherish as Americans.”

“We can erect more cybersecurity, but we should not do so at the cost of who we are as a nation,” he added.

Industry largely welcomed Obama’s actions, but many noted the order might be meaningless without congressional action or widespread tech sector support.

“The new proposals face significant headwinds,” said Ben Desjardins, director of security solutions at Radware. “These companies believe they’ve already been badly burned by the government, and have very little to gain by publicly backing the President’s proposals.”

Apple CEO Tim Cook was the only major tech leader to show at the event. The CEOs from Google, Yahoo and Facebook all declined their invites.

In his remarks, Cook vowed to work with the White House and Congress on security and privacy initiatives, but did not mention information-sharing.

“When it comes to the rights of customers and the rights of citizens it’s important to realize we’re all talking about the same people,” he said. “We owe them nothing less than the best protections that we can possibly provide.”

Major tech players such as Apple have feuded with the government over whether law enforcement officials should be guaranteed access to encrypted data on their devices.

Lawmakers acknowledged their role as well following Obama’s remarks.

“We still need to do more,” said Rep. Adam Schiff (D-Calif.), ranking member of the House Intelligence Committee. “As the president acknowledges, we cannot solve the problem of cybersecurity by executive action alone.”