President Barack Obama signed an executive order at a Stanford University summit Friday encouraging the private sector to share cybersecurity threat information with other American companies and the U.S. government.
Obama formally signed the order shortly before noon on a stage in Stanford’s Memorial Auditorium after delivering a speech before an enthusiastic crowd of about 1,000 business executives, students and others attending the White House Summit on Cybersecurity and Consumer Protection.
The president described the threat of data theft and spying via online hacking as “one of the most serious economic national security challenges that we face” and dealing with it must be “a shared mission” among private businesses and the federal government:
“So much of our computer networks and critical infrastructure are in the private sector, which means government cannot do this alone. … But the fact is that the private sector can’t do it alone either, because it’s government that often has the latest information on new threats.”
“There’s only one way to defend America from these cyber threats and that is through government and industry working together, sharing appropriate information as true partners.”
The president’s order instructs the Secretary of Homeland Security to “strongly” urge businesses, as well as nonprofit groups, to voluntarily form Information Sharing and Analysis Organizations, or ISAOs, to share details about cyber threats with other ISAOs and Homeland Security “in as close to real time as possible.”
The ISAOs, following a list of voluntary standards and having its members pass security clearances, would communicate information concerning cyber threats to the National Cybersecurity and Communications Integration Center in Washington, D.C.
The federal agencies engaged with ISAOs must also “ensure that appropriate protections for privacy and civil liberties” are adhered to, conduct assessments and submit information to be included a required Privacy and Civil Liberties Assessment report prepared by Homeland Security.
Obama said that American companies doing trillions of dollars of business are targeted by hackers for their trade secrets and intellectual property, citing as an example the recent online theft of large amounts of email and other data from the Sony Pictures company, allegedly by the North Korean government.
Banking and other online information used by consumers is also at risk, he said:
“It is one of the great paradoxes of our time that the very technologies that empower us can also be used to undermine us.”
The nation’s power grids and critical financial, health and air traffic control services are all run on systems connected to the Internet and create levels of vulnerability never seen before, Obama said:
“Foreign governments are probing these systems every single day. … We have only to think of real life examples – an air traffic control system going down and disrupting flights, or blackouts that plunge cities into darkness – to imagine what a set of systematic cyber attacks might do. So this is also a matter of public safety.”
Cyber threats also affect national security, as the U.S. military, defense contractors and systems built for American troops are targeted by hackers from China and Russia, Obama said.
The speaker at the summit who immediately preceded Obama was Apple Chief Executive Tim Cook, who announced that his company’s Apple Pay online payment application, using on the iPhone 6 and other Apple hardware, would be available for making transactions with the federal government starting in September.
In his remarks, Cook said Apple supports Obama’s drive for businesses and government to share cyber threat information but he also emphasized his commitment to maintaining both the privacy and security of consumers:
“We can imagine a day when your wallet becomes a remnant of the past. … Your passport, your driver’s license and other important documents can be digitally stored in a way that’s safe, secure and easy to access, and only by you.”
Cook said that no single company or organization is capable of keeping personal information safe and that is why Apple plans to cooperate with the White House and the Congress:
“… because when it comes to the rights of customers and the rights of citizens, it’s important to realize we’re talking about the same people. … People have entrusted us with their most personal and precious information. We owe them nothing less than the best protection that we can possibly provide.”
“By harnessing the technology at our disposal, and working together as businesses, government and citizens, we believe we can bring about a future that fully embraces both privacy and security.”
Also at today’s summit, Homeland Security Secretary Jeh Johnson moderated a panel on public and private collaboration on cybersecurity with the chairmen and chief executives of American Express, PG&E, Kaiser Permanente and Palo Alto Networks.
A second panel overseen by U.S. Commerce Secretary Penny Pritzker discussed cyber threats to companies and consumers with top executives of MasterCard, AIG, Intel and Bank of America. Other speakers included National Security Council members Lisa Monaco and Jeff Zients, and Stanford President John Hennessey.
Later Friday Obama was expected to attend a Democratic National Committee fundraiser at a private residence in San Francisco. The president will fly out of San Francisco International Airport on Saturday to Palm Springs in Southern California. Obama last visited the Bay Area in October on a fundraising trip.