The Obama Administration could not be more clear that cybersecurity issues will continue to receive priority attention at the highest levels of government. President Obama emphasized the importance of cybersecurity during his State of the Union address, with special consideration for the need to balance and protect privacy interests. On February 13, 2015, the Administration hosted a Summit on Cybersecurity and Consumer Protection at Stanford University, which featured keynote remarks by and the announcement of a new Executive Order from President Obama, as well as participants including cabinet secretaries and major industry leaders in areas of technology and critical infrastructure.
It was viewed as inevitable that the President would address cybersecurity as a top priority, given a number of recent incidents that have shed light on threats posed to the nation’s economy, defense and critical infrastructure. These incidents have included breaches suffered by major retailers, North Korea’s believed involvement in a hack against Sony, and direct attacks and theft affecting our most sensitive information (such as a security incident suffered by a major defense contractor). President Obama has remarked that cybersecurity issues are an “urgent and growing danger” and “one of the most serious economic and national security challenges we face as a nation” where “foreign governments, criminals and hackers probe America’s computer networks every single day.”
The Summit was a real-time example of the need for public and private participation in the initiative to bolster security and improve resilience to cyber attacks. The impressive panels of leaders spoke about the need to address weaknesses in cyber security, to ensure that private industry would not be left to address these issues alone, to remain cognizant of privacy and civil liberties.
The Executive Order, announced at the Summit, emanates from the agenda for enhanced sharing of threat information. The Executive Order clearly places the Department of Homeland Security in a leadership role (to the relief of a public wary of the National Security Agency) and provides for the use of Information Sharing and Analysis Organizations to facilitate cyber threat information sharing within the private sector.
Balance will be key in the measures advanced and proposed by the Obama Administration (some criticized that the President’s proposals might actually harm cybersecurity efforts by criminalizing activities of so-called “white hat” hackers). In addition, as the President acknowledged, the private sector expects some measure of liability protection and associated standards to facilitate government cooperation, and, while the Administration can take executive branch action and can sponsor work on standards, it cannot legislate the boundaries of liability associated with the use and sharing of information. Avivah Litan of Gartner recently posited: “There's no meaningful intelligence sharing because of all the lawyers. There's always the threat of lawsuits.”
This should be a monumental year with respect to the government’s awareness and emphasis on cybersecurity. The incidents are too vivid to ignore. The Obama Administration clearly recognizes the need to capitalize on the advantages of global connectivity and the new age of information technology while also cooperating with each other and the government to ensure that our concern for safety appropriately parallels our concern for growth. Along the way, we might even get a national data breach law.