Last Friday, US President Obama addressed an audience at the White House Summit on Cybersecurity and Consumer Protection. This summit is the pioneering summit about people awareness of their Cybersecurity was held at Stanford University. At the summit, US President Obama proclaimed an executive order to command both the government and private sector to share all information that they possess regarding cybersecurity. The said Executive Order is also expected to permit the Department of Homeland Security (DHS) to manage and administer information in order to provide better flow into the government.
Basically, what Obama wanted to happen was to have a single entity that will analyze, integrate and quickly share intelligence about threats on the cyber world that will be deemed threatening to the government, and eventually act as one in order to provide faster solutions and actions regarding the threats.
“I’m signing a new executive order to promote even more information sharing about cyber threats both within private sector and between government and private sector. And it will encourage more companies and industries to set up organizations, hubs so you can share information with each other. It’ll call for a common set of standards, including protections for privacy and civil liberties so the government can share threat information with these hubs more easily.” US President Obama said.
After a series of countless large-scale security hacks. The victims were mostly major corporate companies and retail giants. Therefore, Obama intentions of his speech in the event was an attempt to reach out to both organizations and individuals, to make both parties notice that cybersecurity is a national and public safety issue. This means that everyone should be involved in the process of keeping everyone in the cyberworld safe. The world needs more awareness of the issues that are often times neglected by normal people since they are not directly affected by it – or at least, not yet.
“This has to be a shared mission. So much of our computer networks and critical infrastructure are in private sector, which means government cannot do this alone. But the fact is that the private sector can’t do it alone either, because it’s government that often has the last information on new threats,” the President added to his speech.
Of course, some were moved by his stirring and motivating speech. However, this does not stop critiques from being doubtful about this stance. Critiques have seen some future shortcomings and possible worse results in the future.
According to Ryan Shaw, Director of Research and Development at Foreground Security, the Executive Order being issued in order to promote government and private sector cybersecurity information sharing is a significant acknowledgement of the capabilities of the country’s current cybersecurity defences. In addition, Shaw also emphasized the unresolved issues and currently occurring challenges that has been there through the years. He pointed out that government and private sectors are not always in par or on the same level. There has been the constant lack of trust for both parties. May it be because of long overdue history or own personal selfish reasons, bringing both parties together will require a major amount of effort.
Another problem about the concept of sharing information is that, it needs to be handled very sensitively. The approach should be more than a hundred percent secure if possible because both the organization and the private sector does not want to have their delicate information being leaked and being available in the public. A single wrong move could even lead to more attacks against the government and private sectors. It is also important that there should be a clear and distinct instruction about the type and format of information that will be shared between parties, otherwise it may just cause turmoil and will make the situation worse. This way, the information being shared will sort of have a standard and will prevent both parties from sharing too much or unrelated information towards each other.
However, there are other critiques saying that government should not be in the business of regulating and controlling the information security industry. Everyone has the right to public information. Therefore, Tal Klein, CMO for Adallom think that the President’s agenda should begin and end with awareness. Tinkering with the economic dynamics of the information security marker should be avoided. Tal wanted this program to be more passive rather than be aggressive and hands-on. This program should only focus on bringing awareness to people about their rights, their security, and the risks connected to the freedom of engaging in the age of information technology.
In addition to the issue of bringing government and private sectors together, there is also a problem with the current cybersecurity tools. The country is a little ill-equipped or shorthanded when it comes to the tools needed to be able to handle large numbers of multi-score and hybrid threat indicators. Moreover, they also do not have the equally-competitive staff that could match the skills of a professional terrorist hacker. I mean, obviously,
According to Obama, Technology is used as a means to promote democracy and at the same time, this could also be another avenue wherein terrorists and hackers could use as a leverage to use against us. The dangers of possessing this kind of power over information is the main reason why Cybersecurity is considered to be vital in both the national security and the economic stability, as well.
Obviously, the threats from cyber intruders towards US companies and government agencies are continually increasing. As a solution, President Barack Obama seeks $14B for cybersecurity funding. This increase in budget is expected to beef up the government’s ability to resolve and to respond cyberattacks as quickly as possible. The funding is also expected to support numerous programs that focuses on detection and prevention of cyberattacks. An example of these programs are the monitoring and diagnostics of networks in federal computers.
Continuing on Obama’s speech, he brought up four key points that will guide both the private and government sector regarding their relationship and interaction towards each other with regards to sharing information for building a stronger cybersecurity.
- Since most of the critical infrastructure are in the private sectors and government also contain the most sensitive pieces of information about the country’s existence, both parties should treat this as a shared mission. Obama wanted the government and the private sector to work together.
- Even though the government and the private sector are expected to work together, they should not be dependent towards each other. Both of them should focus on their unique and specific strengths that will make the process way easier. The division of labor should be properly distributed.
- Monitoring and prevention of threats should constantly and continually involve. Both parties should avoid being stagnant It is highly recommended to constantly buff their security and consistently develop new defences. This way, hackers will have difficulty trying to figure out the new designs and developments. Obama wants to highlight that consistency is the key, and is a must!
- Assure that privacy and civil liberties of everyone are completely safe and protected.
The Cyber Threat Intelligence Integration Center (CTIIC) was assigned by the White House to monitor and collect information regarding cyber threats as well as analyze the collected data in order to make sense of the attacks. This information will be delivered to the different department and agencies in order to make them aware of the threats and in order to plan for an immediate action to counterattack or prevent more damages. They are focused on making changes to the system in order to give the hackers more difficult time to achieve what they want.
The said agency will open and start with an estimate of 50 staff. They were allotted $35M for the agency’s funding. Issuing a memorandum for the establishing of the new center, he also declared the Cyber Threat Intelligence Integration Center will be a part of the Office of the Director of National Intelligence.
Almost all of the leading companies in IT industry were invited over for the summit. Each company were able to send a representative. One very familiar company that attended the summit was Intel and according to their representative, they have released a whitepaper regarding their experience of Cybersecurity Framework which was outline a year ago. They provided good reviews of the CSF because it focuses on risk management rather than compliance. In this way, Intel believes that the drafted CSF will help in transforming cybersecurity in a more global scale.
In the advent of exchanging information, one major concern will be risk that information might fall into the wrong hands. Therefore the focus of the discussion is situated in Risk management. They will find the right and most appropriate means or ways of exchanging information that will surely become the key to the success of the program.
Knowing that both parties share the same risks and threats, the ongoing development of security will benefit everyone. Therefore, it is crucial that both parties should always cooperate and communicate with each other. In addition, getting or hiring the right people for this job is also critical. Blame it to the countless action movies where people pretend as agents or spies trying to infiltrate the enemy company or the competition. Yes, this situation happens in real life too. There are indeed a lot of people who would do everything they could just to get their hands on the information – either for personal or professional motives.
In addition to the guests that were able to attend the summit was Apple. IF the main issue of Intel was Risk Management, Apple was more concerned with encryption. Technology companies like Apple provide its users additional encryption in mobile devices but the government seems displeased with this feature. For some companies, encryption is considered to be one of the most important cybersecurity tools. “We can’t allow the short-sighted worries of some law enforcement officials to undermine the longer term goal of creating a truly secure Internet, which in itself will help prevent countless crimes,” Said Danielle Kehl, who is the policy analyst for New America Foundation’s Open Technology Institute think tank.
Of course sceptics will not stay idle. The American Civil Liberties Union is the organization which is very particularly concerned with privacy of the people from the government. Seeing that the government is trying to get hold of control of a huge load of people’s private information through the cyberworld spurs a feeling of chaos in them. They want to point out that even the people themselves – Americans, also need protection from the government.
“Information that identifies who we associate with – our financial activities, our healthcare information, information that identifies those aspects of our lives and then identifies us – that information needs to be stripped out unless it’s necessary to address the cybersecurity threat. And the proposals for information sharing that have come out from both Congress and the White House don’t sufficiently ensure that that happens,” Gabe Rottman, the American Civil Liberties Union Policy Advisor said.
Indeed, this Executive Order has stirred a lot of interest from both government and private sectors since everyone is affected by this decision. It also alarmed both the sectors as well as some private individuals who think very differently and value their privacy more than other people care. Who could ever tell if this project will achieve a total success at the end? If this will be completely implemented in the country, will this even end? How could one say that it indeed succeeded or failed? How long will the program last? What are the perks of this program to the normal citizens who are not actively and aggressively involved in such huge companies that actually make a difference in the Information Technology world? What are the scopes and the limitations of this program? Once you get in, is there still a way of going out? Indeed, there would be a lot of questions more – probably would consist a few pages if you try to list them one by one. There could be no assurance whether or not it will be advantageous or will it be the other way around? However, the intent is loud and clear. The mere fact that the government finally gave importance to cybersecurity means that the government should be in a good start!