President Obama will underscore the urgency of protecting the country from cyber-security threats like the attacks on Sony Entertainment by announcing an executive order to encourage information-sharing between the private and public sectors.
The president will unveil the new action at a cyber-security summit at Stanford University Friday. Unlike other executive actions, it doesn’t change current law but instead simply encourages the development of information-sharing and analysis organizations, or ISAOs, hubs that will serve as conduits for collaboration on cyber-security threats between companies and the government agencies.
The move is aimed at making companies, as well as personal privacy advocates, more comfortable with cyber-security bills expected to pass this Congress. Those bills will provide companies with liability protection if they share individuals’ personal information to the government in the process of trying to prevent or respond to a major hack to their computer infrastructure and data.
“We believe that by clearly defining what makes for a good ISAO, that will make trying liability protection to sectoral organizations easier and more accessible to the public and to privacy and civil liberties advocates,” Michael Daniel, Obama’s cyber coordinator, told reporters on a conference call.
The executive action also directs the Department of Homeland Security to fund the creation of a non-profit organization to develop a common set of voluntary standards for information-sharing between private companies and the government.
Technology companies are skittish about backing any cyber-security bills that require them to share information with the government absent reforms to sweeping surveillance practices by the National Security Agency and others leaked last year to the public by Edward Snowden.
In fact, last year before the Sony hack showed how dangerous cyber-security threats can be, Obama threatened to veto two bills in the house aimed protecting the country against cyber attacks out of concerns about personal privacy protections.
Earlier this month, the president put those concerns aside to make a major push for cyber-security measures, sending up a proposal to Congress that would limit any legal liability for companies that share consumers’ personal information.
And earlier this week, Lisa Monaco, Obama’s counter-terrorism advisor, announced the creation of a new cyber-security agency to collect and disseminate information on cyber threats.
Some companies such as Google and Facebook and Yahoo are reportedly not sending their chief executives to the Stanford conference, in what many are viewing as a public sign of distrust and discontent of the leaks about government collection of bulk personal data. Apple Chief Executive Tim Cook, however, will be on hand and deliver a speech.
After the Snowden leaks caused an international furor last year, Obama delivered a speech outlining several reforms. The White House last week released a status report outlining which reforms have been implemented and which had not, giving fodder to some critics who want to see surveillance changes, such as the bulk collection of phone calls, altered at a faster pace.
White House spokesman Eric Schultz said the report showed “some pretty significant progress” but acknowledged that more work needs to be done.
“We’re not done. And I think that long past this issue fading from the headlines, this is work that a lot of our intelligence officials, the professionals across the interagency are working day in and day out on to make sure that we better strike the balance between civil liberties, privacy, and the security interests of the United States,” he said Thursday.
