Obama Says Cyberthreat Onslaught Requires Joint Defense

President Barack Obama said the onslaught of Internet threats against the U.S. government and business computers requires a joint defense by federal and private security specialists.


(Bloomberg) -- President Barack Obama said the onslaught of Internet threats against the U.S. government and business computers requires a joint defense by federal and private security specialists.

At a time when relations between Silicon Valley and Washington are frayed over government surveillance and data collection, Obama is appealing to technology companies for cooperation to fend off criminal and state-sponsored attacks on the nation’s computer networks.

“The very technologies that empower us to do great good can also be used to undermine us,” Obama said at a White House- sponsored cybersecurity summit Friday at Stanford University in California. “Everybody’s online, and everybody’s vulnerable.”

Addressing an audience that included executives and security officials from companies such as Microsoft Corp., Google Inc., Yahoo! Inc. and Facebook Inc., Obama said he will make it easier for the government and companies to share threat information while he awaits congressional action on cybersecurity legislation.

One of the areas of friction between the government and technology companies is how to balance the privacy of users or customers with national security concerns in the extensive government surveillance programs that intercept phone, Internet and other communications.

Privacy Rights

Obama was preceded on the stage by Tim Cook, chief executive of Apple Inc., who said sacrificing privacy rights “can have dire consequences” beyond business interests.

“If those of us in positions of reasonability fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money, we risk our way of life,” he said. Obama listed that as one of the principles that will guide his strategy in confronting cyberthreats. “When we go online we shouldn’t have to forfeit the basic privacy we’re entitled to as Americans,” Obama said.

Obama signed an executive order intended to encourage companies to share information on Internet threats with one another and create a framework to help the private sector turn over data to federal agencies investigating data breaches. Companies would share the information voluntarily.

Legislative Proposal

The White House in January proposed legislation that would give companies legal protections for sharing information with each other and the government about hacking threats. The administration argues it’s needed to help prevent attacks like the November hack that crippled thousands of computers at Sony Pictures Entertainment.

“These attacks are hurting American companies and costing American jobs,” Obama said, citing the Sony attack, which U.S. authorities have blamed on North Korean hackers. “This has to be a shared mission.”
While there is broad agreement companies should get legal protections for sharing threat data, Congress has failed to reach a deal on similar legislation in the past four years. Chief executives from a variety of industries emphasized the importance of public-private sector sharing of information about cyberthreats.

Information Sharing

“I really think that information sharing may be single handedly the highest impact” action, at the lowest cost, that companies can use to accelerate overall defenses, Kenneth Chenault, chairman and chief executive officer of American Express Co. said during a panel discussion at the summit.

He said Congress must pass legislation that ensures liability protection for companies that share threat data with the government. In addition, government needs to relax other regulations, such as one that prevents American Express from contacting most of its cardholders via text messages about security concerns, he said.

Republican Representative Mike McCaul, chairman of the Homeland Security Committee, plans to hold a hearing on Obama’s proposal on Feb. 25. He said in a statement that “Congress must take aggressive action” to let companies share information to deal with network attacks.

Company Initiatives

The administration also used the summit to highlight companies taking steps to secure information over networks

Apple got the government’s seal of approval for its Apple Pay mobile-payment system, announcing it will be enabled for users of federal-payment cards, including Social Security and veterans benefits that are paid out via debit cards. The agreement also includes the Direct Express payment network and government cards issued through General Service Administration SmartPay, which handles more than 87.4 million transaction worth $26.4 billion each year.

American Express and MasterCard Inc. are among companies that announcing new authentication systems that will use technologies such as biometrics in addition to the standard username and password, according to the White House. Visa will commit to “tokenization,” a credit-card security system that replaces numbers with randomly generated tokens.

Bank of America Corp., Apple, U.S. Bank NA, Pacific Gas & Electric Co. and Kaiser Permanente also are undertaking initiatives incorporating a security framework backed by the Obama administration, the White House said.

--With assistance from Michael Riley and Toluse Olorunnipa in Washington.

More for you

Loading data for hdm_tax_topic #reducing-cost...