Obama to sign executive order on cybersecurity info sharing

The president wants better coordination between government and the private sector to fight online threats. Companies on board include Apple and Intel.

Jon Skillings Editorial director
Jon Skillings is an editorial director at CNET, where he's worked since 2000. A born browser of dictionaries, he honed his language skills as a US Army linguist (Polish and German) before diving into editing for tech publications -- including at PC Week and the IDG News Service -- back when the web was just getting under way, and even a little before. For CNET, he's written on topics from GPS, AI and 5G to James Bond, aircraft, astronauts, brass instruments and music streaming services.
Expertise AI, tech, language, grammar, writing, editing Credentials
  • 30 years experience at tech and consumer publications, print and online. Five years in the US Army as a translator (German and Polish).
Jon Skillings
4 min read

Watch this: President Obama signs executive order for information sharing (video)

President Barack Obama on Friday plans to sign an executive order to promote sharing of information on cybersecurity threats between the private sector and government agencies.

The executive order is meant to establish a framework to help businesses and and government organizations "prioritize and optimize" their spending, and quickly identify and protect themselves against cyberattacks, including those in the employ of criminal organizations or foreign nations. The framework will also improve communication across companies and organizations to better manage cyber-risks.

"The federal government cannot, nor would Americans want it to, provide cybersecurity for every private network," the White House said in a statement. "Therefore, the private sector plays a crucial role in our overall national network defense."

Companies that have committed themselves to that framework include Apple, Intel, Bank of America and Pacific Gas & Electric.

On Friday, the president will be at Stanford University for a summit on cybersecurity hosted by the White House that will bring together senior leaders in the government and CEOs from the financial, tech and computer-security industries. He heads to Silicon Valley amid rising tensions between the government and some of the world's largest tech companies. The US and other governments want better ways to monitor people's emails, messages and posts, while tech companies worry that abetting such surveillance will make them less competitive in Europe and other regions with stronger privacy protections.

Facebook CEO Mark Zuckerberg, Yahoo CEO Marissa Mayer and Google's Larry Page and Eric Schmidt were all invited to the Stanford event, but won't attend, according to the companies. Apple CEO Tim Cook is making an appearance, talking about people's rights to privacy and security.

Cybersecurity has become a major issue for the administration. During his State of the Union address in January, the president proposed adding $14 billion to the 2016 budget to better protect government and corporate computer systems from hackers. He has also pushed for Congress to pass legislation to help shore up cybersecurity in the US.

And for good reason. Hacks on private businesses and government offices were rampant throughout 2014 -- more than 1,500 data breaches worldwide, up nearly 50 percent from 2013 -- as both online criminals and foreign nations attacked businesses and government organizations. Last month, insurance provider Anthem revealed that hackers had broken into its computer systems and potentially accessed the personal data of 80 million people, including their names, emails, passwords and Social Security numbers. Such information makes Anthem's customers vulnerable to identity theft for the rest of their lives. Last year, JP Morgan Chase revealed that more than 76 million US households who had logged in online or through mobile devices had had their accounts compromised.

To even greater notoriety, hackers in November breached the computer network at Sony Pictures, spilling details of the inner workings of Hollywood studios and leading the way to an international incident over the comedy "The Interview." Obama has pointed to North Korea as the likely culprit behind that cyber break-in.

"Our economy, national security, educational systems, and social lives have all become deeply reliant on cyberspace," the White House said in a "fact sheet" about the executive order. "Our use of digital networks provides a platform for innovation and prosperity and a means to improve general welfare around the country and around the globe, driving unparalleled growth. But this dependency also creates risks that threaten national security, private enterprises and individual rights."

What the executive order will bring

The executive order envisions, among other things, the establishment of what the White House calls information sharing and analysis organizations, or ISAOs, which would be the nexus of information sharing and collaboration both within the private sector and between businesses and government agencies. An ISAO could be a not-for-profit community, a membership organization, or a single company, the White House said.

The US Department of Homeland Security, meanwhile, would be authorized to approve classified information-sharing arrangements and to ensure that information-sharing entities can appropriately access classified cybersecurity threat information. It would also fund the creation of a nonprofit organization to develop a set of voluntary standards for ISAOs.

To counter worries that agencies and businesses might share too much personal information, the new framework will include "strong protections for privacy and civil liberties," the White House said.

The underlying message: This is all about risk management and shared responsibility.

Along with tech giants Apple and Intel, plus Bank of America and PG&E, companies committing to the framework include US Bank, AIG, Walgreens, QVC and Kaiser Permanente. Also joining in the effort are the Entertainment Software Association, network software company FireEye and online storage provider Box.

At the same time, the White House is making a push for more secure payment technologies, with the participation of Visa, MasterCard, Apple and Square.

Looking for security beyond passwords, the administration is also pushing for advances in multifactor authentication. On board with that are Intel, American Express and MasterCard, among others.

"Because of the interconnected nature of the Internet, no one is isolated from [cyber] threats," the White House said. "We are at an inflection point, both domestically and internationally, and now is the time to raise the call for greater collective action."

This story has been updated throughout the morning with additional background and details about the executive order.