Obama’s executive order aims to increase information sharing about cyberthreats

Feb. 13, 2015, 7:02 p.m.

President Barack Obama called for increased information sharing about cyber threats in the executive order he signed onstage at Memorial Auditorium on Friday.

MasterCard CEO Ajay Banga spoke in a plenary panel on Friday morning and participated in a business leaders roundtable with President Obama. He said that the executive order is a step in the right direction, but that legislation will be needed. (CATALINA RAMIREZ-SAENZ/The Stanford Daily)
MasterCard CEO Ajay Banga spoke in a plenary panel on Friday morning and participated in a business leaders roundtable with President Obama. He said that the executive order is a step in the right direction, but that legislation will be needed. (CATALINA RAMIREZ-SAENZ/The Stanford Daily)

The order, which Obama discussed in a roundtable with business leaders shortly after his keynote address, intends to facilitate collaboration between private sector companies and between those companies and the government.

According to MasterCard CEO Ajay Banga, a participant in the roundtable, the order addresses a “patchwork of issues” that dis-incentivize businesses from self-declaring cybersecurity breaches.

He told reporters that currently, companies risk legal or regulatory action after they have informed the public of such an attack. They are also subject to Freedom of Information Act requests and may have to provide raw information lost during a breach — including customers’ personal data — to law enforcement agencies.

The executive order encourages the creation of standardized Information Sharing and Analysis Organizations (ISAOs), a potential step toward legislation to protect businesses who voluntarily share information.

According to Banga, the flow of information goes in both directions. Banga noted that the government currently cannot inform businesses if they are under attack because it would give the company a competitive advantage. He said that Obama’s executive order — which gives companies access to classified threat information — may change that policy.

“The president doesn’t view this as a one-off,” Banga said. “He is very deeply aware of the issues.”

White House Cybersecurity Coordinator Michael Daniel told reporters that the executive order promotes the sharing of data that is very technical in nature, such as malware indicators and bad IP addresses.

“I think what you’re seeing is a realization across a growing swath of American companies that the only way to address this problem is in partnership with each other and with the government,” Daniel said.

Last spring, the Department of Justice and Federal Trade Commission issued guidance that sharing cyber threat information was not a basis for antitrust concerns. However, Daniel said that some companies want liability protection as well, which is built into Obama’s legislative proposal.

Banga called for a legislative solution.

“An executive action can only take you this far,” he said.

 

Contact Joseph Beyda at jbeyda ‘at’ stanford.edu.

Joseph Beyda is the editor in chief of The Stanford Daily. Previously he has worked as the executive editor, webmaster, football editor, a sports desk editor, the paper's summer managing editor and a beat reporter for football, baseball and women's soccer. He co-authored The Daily's recent football book, "Rags to Roses," and covered the soccer team's national title run for the New York Times. Joseph is a senior from Cupertino, Calif. majoring in Electrical Engineering. To contact him, please email jbeyda "at" stanford.edu.

Login or create an account