Governance & Risk Management , Incident & Breach Response , Managed Detection & Response (MDR)
President Obama Grapples with Cyber Challenges
Signs Executive Order, Cites Need for CollaborationPresident Obama described the cyberworld as the "wild, wild West" and the American government as the sheriff in a Feb. 13 keynote speech at a cybersecurity summit.
Moments after finishing the speech at the White House summit held at Stanford University, Obama walked across the stage to a desk, and signed an executive order aimed to prompting businesses to share cyberthreat information with one another as well as with the federal government.
The executive order, among others things, encourages the development of information sharing and analysis organizations, or ISAOs, to serve as focal points for cybersecurity collaboration within the private sector and between the private sector and government. Existing information sharing and analysis centers, or ISACs, could constitute ISAOs under the president's framework (see Obama to Issue Cybersecurity Executive Order).
Obama said his administration grapples with protecting Americans from adverse cyber-events while making sure the government itself doesn't abuse cyber's capabilities. "The cyberworld is sort of the wild, wild West, and to some degree we're asked to be the sheriff. When something like Sony happens," he said, referring to the breach of Sony Pictures Entertainment, "people want to know what can government do about that. If information is being shared by terrorists in the cyberworld, and an attack happens, people want to know are there ways of stopping that from happening."
But Obama also pointed out that citizens are wary of government intrusions. "By necessity, that means government has its own significant capabilities in the cyberworld but then people rightly ask what safeguards do we have against government intruding on our own privacy," he said. "And, it's hard. It constantly evolves because the technology so often outstrips whatever rules and structures and standards that have been put in place, which means the government has to be constantly self-critical and we have to be able to have an open debate about it."
Interdependency Highlighted
Obama discussed the interdependency between government and the private sector to battle cyberthreats. "There is only one way to defend America from these cyberthreats and that is through government and industry working together, sharing appropriate information as true partners," he said.
The president said the government can't defend private networks, but industry doesn't have the situational awareness, the ability to warn other companies in real-time or the capacity to coordinate a response across companies and sectors. "We have to be smart, efficient and focus on what each sector does best, and then do it together," he said.
Working together, Obama said, government and business must be "fast and flexible and nimble" to defend against hackers who design new ways of penetrating systems as attacks get more sophisticated.
In developing cyberdefenses, Obama said, the privacy and civil liberties of American citizens must be safeguarded. The president said the government and industry wrestle with privacy protection. "When consumers share their personal information with companies, they deserve to know it's going to be protected. When government and industry share information about cyberthreats, we've got to do it in a way that safeguards your personal information. When people go online, we shouldn't have to forfeit the basic privacy we're entitled to as Americans."
Obama used the speech to call on Congress to enact his package of cybersecurity legislation, including measures to provide liability and privacy protections in cyberthreat information sharing and to create a national data breach notification law. "This should not be an ideological issue, that's the one thing I want to emphasize. This is not a Democratic issue or a Republican issue. This is not a liberal or conservative issue. Everyone is online and ever one is vulnerable."