On the eve of Friday's White House Summit on Cybersecurity and Consumer Protection, President Barack Obama signed an executive order encouraging organizations in the private sector to work with the government to fight cybercrime. By laying out a framework to speed up the sharing of information during cyberattacks, the measure aims to help both government and businesses better deal with hacking and other threats.
Taking place at Stanford University, the all-day cybersecurity summit features talks by the president and a number of other officials, academics and tech leaders, including Apple CEO Tim Cook. The event also includes break-out sessions in which attendees can discuss issues such as cybersecurity information sharing, cooperation among international law enforcement agencies, new ideas on technical security and "Improving Authentication: Moving Beyond the Password."
"This summit comes at a crucial point," according to a fact sheet issued by the White House. "The president has been committed to strengthening our nation’s cybersecurity since the beginning of his administration and we have made significant progress. Yet, cyberthreats to individuals, businesses, critical infrastructure and national security have grown more diffuse, acute, and destructive. Despite improvements in network defense, cyber threats are evolving faster than the defenses that counter them. We are at an inflection point, both domestically and internationally, and now is the time to raise the call for greater collective action."
A Multi-Faceted Strategy
In organizing the Summit on Cybersecurity, the Obama administration has identified five key priorities for dealing with the growing threats to digital systems and information: protecting critical infrastructure; improving the ability to identify and report cyberthreats; working internationally to promote Internet freedom; ensuring security of federal networks; and shaping a cyber-savvy workforce.
Another facet of the president's push for improved cybersecurity is his BuySecure Initiative, which was launched in October. That effort focuses on ensuring secure payment systems for consumers, better tools for protecting against electronic theft and improved information sharing between federal agencies and businesses.
Finding ways to share cybersecurity information more quickly and effectively was also set to come up for discussion during a series of side events and open houses in various U.S. cities being held Friday in conjunction with the summit at Stanford. The open houses were being hosted by the Federal Bureau of Investigation and the U.S. Secret Service.
Quicker Information Sharing 'Better for Everyone'
To learn more about what was being discussed during those FBI/Secret Service sessions, we spoke with Phil Smith, who planned to attend an open house in Washington, D.C. Smith is senior vice president of Government Solutions and Special Investigations for the cybersecurity firm Trustwave. He is also a former special agent with the Secret Service and was a senior trial attorney with the U.S. Department of Justice Terrorism and Violent Crime Section.
"The president's remarks at today's summit are a great beginning, especially when he explained today's threat landscape as a 'cyber arms race,'" Smith said. "That statement is significant because it puts organizations and individuals on notice that cybersecurity is a national security and public safety issue. Sharing threat intelligence across government agencies, law enforcement and the private sector is a critical component of strengthening data protection however it will not work without safe harbor protections for companies that participate."
While there is a lot of ad hoc sharing of information among various industries and agencies when cyberattacks are identified, a more formal system could help security specialists and officials respond to breaches more quickly and effectively, he said.
"It's an important piece of the whole puzzle," Smith said. "The quicker that information is shared, the better for everyone."
While there are both technical and legal issues to consider -- businesses are often reluctant to share certain kinds of information about their systems with competitors or the government -- Smith said those challenges can likely be overcome to create a kind of information-sharing clearinghouse for emerging cyberthreats.
"It's not trivial and it takes thoughtfulness and care," he said. "[However], I think it can be done."
As recent high-profile cyberattacks, such as the hacking of Sony Pictures Entertainment, have demonstrated, digital threats are no longer just the concern of IT professionals. The issue is increasingly being discussed and targeted at the corporate boardroom level, and Obama's latest actions on the matter illustrate that those concerns have now reached all the way up to the chairman of the board, Smith said.
"I think it's about time we get a national standard in place," he said.
Posted: 2015-02-15 @ 7:44am PT
"Improving Authentication" -- great, all for it. Sharing info faster during cyber crime would be still chasing the crime. When it's happening, stop it. Why share it faster, explain? You're talking about hardware charge in non criminal computers. Wasn't the net created for the people, not the corporations. Corporations should just stay out of our net. Where and when are we voting on this? Know or is this not that important?