CybersecurityObama signs cybersecurity executive order, promotes information-sharing hubs

President Barack Obama, at last week’s White House Summit on Cybersecurity and Consumer Protection, reiterated the need for more companies to collaborate with each other as well as with the federal government to develop cybersecurity solutions that protect consumer privacy while keeping hackers out of network systems. Cybersecurity is everyone’s business, Obama chanted. “We have a lot more work to do to solve these (data breach) problems, which are causing billions of dollars’ worth of loss in our economy each year,” Obama said. “We need all of us to work together to achieve what none of us can achieve alone. And it’s hard. Some of these issues have defied solutions for years.”

During his address at Stanford University to an audience of Silicon Valley executives, media, and cybersecurity experts, Obama signed and enacted Executive Order 13636,“Improving Critical Infrastructure Cybersecurity,” to move forward an information-sharing relationship between the private sector and federal agencies. The order, not a law or regulation, asks the private sector to invest in developing better cyber defenses, improve industry collaboration on cyber issues, and reach out to the federal government for assistance on cyber matters.

One strategy Obama encouraged in his speech was the creation of information-sharing groups, called hubs, built around vertical industry sectors. According to the White House, hubs will prepare members of industry groups to better respond to common attacks. The Financial Services Information Sharing and Analysis Center (FS-ISAC) currently serves as a hub for the finance and banking sector. Obama has tasked DHS via its National Cybersecurity and Communications Information Center with approving companies who want to access government supported cyber information-sharing programs.

“This is a necessary precondition to tackling our cyber-security problems,” White House cybersecurity coordinator Michael Daniel, toldeWEEK. “We’re not going to solve all of the really sophisticated actors or defeat all the advanced persistent threats just by increasing information sharing. But we have seen industries that have increased their information sharing — such as in the financial services industry — and that does make a meaningful difference in being able to cut out a lot of the low-level attacks and intrusions. When you do that, then you can focus your humans on the more sophisticated intruders.”

Ajay Banga, chief executive at MasterCard, praised the White House’s efforts on cybersecurity but insists “we need a real legislative solution. An executive action can only take you this far.” House Speaker John Boehner’s (R-Ohio) office has criticized the executive order. “Unilateral, top-down solutions will not solve America’s cyber problems,” said Boehner spokesperson Cory Fritz. “The President should work with Republicans to enact the types of common-sense measures that passed the House twice in recent years with strong, bipartisan majorities but stalled in the Democratic-controlled Senate.”

Although Congress has yet to act on Obama’s proposed legislation that would protect companies from lawsuits for sharing cyber threat data with the government, some lawmakers believe the executive order will help move the conversation forward. “The president’s actions today are not a complete solution, but do help prepare a policy foundation on which Congress can build a robust legislative strategy to solving the data security challenges American businesses face,” said Senator Jerry Moran (R-Kansas), chairman of the Senate Commerce, Science and Transportationsubcommittee on consumer protection and data security. “I hope the president will keep his commitment to work with Congress to align incentives for American businesses to protect themselves and consumers.”