On Friday February 13, 2015, President Obama spoke at the White House Summit on Cybersecurity and Consumer Protection at Stanford University. After his address, President Obama signed an executive order, Promoting Private Sector Cybersecurity Information Sharing, that will encourage private companies to share information regarding cyber security with the U.S. government. The executive order does not require private corporations to cooperate with the U.S. government in any affirmative manner. In addition, the executive order directs the U.S. Department of Homeland Security to develop voluntary standards related to cyber security.
The executive order is the most recent in a litany of actions taken by the administration in the wake of several high-profile data breaches, including the recent Anthem data breach. In addition to signing the executive order, President Obama also called on Congress to fully fund the Department of Homeland Security, including its new $35 million Cyber Threat Intelligence Integration Center (CTIIC), which was created to prevent cyber threats by analyzing and integrating digital intelligence collected through various sources.
According to the comments by the president, the rapid rise in cyber threats does not have an easy fix and will not have a one-size-fits-all solution. In his address, the president acknowledged that neither private corporations nor the U.S. government can tackle this problem alone. President Obama made clear that his vision for cyber defense involves a “shared mission” between public and private entities. The president acknowledged that while the U.S. government may have the latest information on cyber threats, the private sector is in control of a large portion of the cyber infrastructure in this country, and it is neither possible nor appropriate for the U.S. government to secure these private assets.
President Obama also briefly discussed his legislative agenda and his call for a new national standard for 30-day data breach notifications, which would do away with the varied state laws that currently govern data breach notifications, as well as legislation that will be proposed shortly called the Consumer Privacy Bill of Rights that will govern which types of data companies collect from users and how that data is subsequently used.
It is clear that both the U.S. government and private industry are beginning to fully accept the breadth and scope of the cyber security problem and are determining how to best address this threat. As stated by President Obama, “We’re only 26 years into this Internet Age. We’ve only scratched the surface.”
The administration’s recent actions demonstrate that both public and private employers must be more aware of cyber security. An effective cyber security defense involves exercising tighter control over internal electronic data and increased monitoring of external cyber threats. Cyber security is an area that is constantly evolving and companies must ensure that they regularly update their policies and keep abreast of technological advances as they become available to help them control and secure their technological data.