The Obama administration is making a major push to spur the private sector to share more cyber threat data in hopes of making its own cybersecurity agenda more appealing on Capitol Hill.
At a White House cybersecurity summit on Friday, President Obama will sign an executive order structuring the information centers it wants companies to eventually use when sharing cyber threat data with the government. Officials believe it will make their cyber proposals more enticing to lawmakers.
{mosads}Hosted at Stanford University, the summit is also a chance for the administration to try and improve its often tense relationship with the tech community.
Although the CEOs from Google, Yahoo and Facebook all declined to attend the summit, Apple head Tim Cook will announce during the event his intent to fold the government’s cybersecurity recommendations into its own cyber strategy.
The U.S. is “very much at an inflection point” on cybersecurity, said White House Cybersecurity Coordinator Michael Daniel, during a conference call with reporters.
The public and private sectors must work together, he said, if the U.S. wants cyberspace to serve as “a driver of economic growth and a promoter of human rights.”
A slew of high-profile cyberattacks on companies like Home Depot and Sony Pictures and on federal agencies ranging from the U.S. Postal Service to the White House have raised pressure on the administration to protect the country from cyber crime and cyber terrorism.
Friday’s executive order is the long-expected next step in the White House plan to rally lawmakers to pass its legislative proposal that would put the Department of Homeland Security (DHS) at the center of a public-private cyber info exchange.
Government officials, lawmakers and industry groups have argued for years that enhanced information-sharing is necessary to prop up the nation’s ineffective cyber defenses. But privacy advocates have been more cautious, worried the government might abuse potentially sensitive information.
Obama’s executive order is intended to rally both parties to action.
It will mainly help define the industry information-sharing centers at the center of the proposal.
These industry organizations, known as Information Sharing and Analysis Organizations (ISAOs), don’t yet exist, and the White House’s legislative proposal was short on details. It left some wondering what exactly the administration was suggesting.
In the executive order coming Friday, the White House will clarify that it envisions ISAOs as membership organizations or single companies “that share information across a region or in response to a specific emerging cyber threat,” the administration said.
Already existing industry-specific cyber info hubs can qualify as ISAOs, but will be encouraged to adopt a set of voluntary security and privacy protocols that would apply to all such information-sharing centers. The executive order will direct DHS to create those protocols for all ISAOs.
These protocols will let companies “look at [an ISAO] and make judgments about whether those are good organizations and will be beneficial to them and also protect their information properly,” Daniel said.
Companies will be given legal liability protection when sharing data with ISAOs. Explicitly tying legal liability to the information centers will hopefully make the overall plan “more acceptable to the public sector and privacy and civil liberties advocates,” Daniel said.
Industry groups have been concerned about exactly how they would be shielded from possible shareholder lawsuits when sharing data, while the privacy community has worried about firms exchanging data directly with the government.
Obama will also add the DHS to the list of federal agencies that can also approve classified sharing arrangements, quickening the process for ISAOs to swap cyber threat data with the department’s cyber info hub, known as the National Cybersecurity and Communications Integration Center.
“This executive action will clearly support the legislative package we rolled out earlier this year,” Daniel said. “It will build on that and help provide that foundation.”
On Wednesday, Sen. Tom Carper (D-Del.), ranking member of the Senate Homeland Security and Governmental Reform Committee, introduced Congress’s first version of the White House’s proposal.
Daniel said the administration will work with Carper on his bill, but had not yet taken a specific stance on it.
“This is an urgent matter and we are working with anyone we can up on the Hill to make [an information-sharing bill] happen,” he said.