Obama Signs Executive Order on Private-Sector Info-Sharing

President Obama has signed an executive order aimed at encouraging information-sharing to thwart hacking attacks on private enterprise.

The order lays out a framework for “expanded information-sharing designed to help companies work together, and work with the federal government, to quickly identify and protect against cyber-threats.”

This includes as a central point the development of information sharing and analysis organizations (ISAOs), where companies and industries can set up hubs to share information with each other. It also calls for a common set of standards so the government can share information on threats with these hubs more easily.

The news comes against the backdrop of a cybersecurity summit that kicked off this week at Stanford University in Palo Alto, Calif. In attendance were President Obama, the secretaries of Homeland Security and the Department of Commerce, and the CEOs of Apple, American Express, Kaiser Permanente, AIG and Pacific Gas & Electric.

"When companies get hacked, Americans’ personal information, including their financial information, gets stolen," the President said in his remarks to the audience. "Identity theft can ruin your credit rating and turn your life upside down. In recent breaches, more than 100 million Americans had their personal data compromised, including, in some cases, credit card information."

He added, “Government cannot do this alone. The fact is that the private sector can’t do this alone either. It’s government that often has the latest information on these new threats.”

He also addressed the Congressional reluctance to pass cyber-legislation. “This should not be an ideological issue,” the President said. “This is not a Democratic or Republican issue. Everybody’s online and everybody’s vulnerable.”

Not everyone was behind the effort. The BBC reported that Google, Yahoo and Facebook executives turned down invitations to the event, including their respective CEOs, though the tech giants did send less senior personnel. Taking the stage later in the day, Apple chief Tim Cook laid out the concerns of the tech community over privacy.

He called privacy “a matter of life and death” and reiterated that Apple will not lower its standards on that front to comply with any government initiative to gather information on its users.

"People have entrusted us with their most personal information," he said. "We owe them nothing less than the best protections that we can possibly provide by harnessing the technology at our disposal. We must get this right. History has shown us that sacrificing our right to privacy can have dire consequences."

The summit and the EO are the latest in a string of security moves from the White House. The administration also recently announced the Cyber Threat Intelligence Integration Center, which is also aimed at information-sharing. And, the EO builds on a previous executive order calling for the creation of a framework aimed at improving security for critical infrastructure.

What’s Hot on Infosecurity Magazine?