In the wake of the recent hacks, President Obama is doing his best to increase data sharing between all major companies and the federal government. He is doing this using the controversial new Cybersecurity Information Sharing and Protection Act.
As sighted by an email fact sheet from the White House, the president issued a cybersecurity executive order that creates new framework for “expanded information sharing designed to help companies work together and work with the federal government, to quickly identify and protect against cyber threats.” Many politicians took a much stronger stance toward cybersecurity after the Sony hack last year, and led Obama to spend much of the last two months focusing on the importance of expanded cooperation between government and private companies.
Some leading names in companies who are on board for this change include Apple, Intel, Bank of America, US Bank, Pacific Gas & Electric, AIG, QVC, Walgreens, and Kaiser Permanente. According to the White House, they all use a new cybersecurity framework that could facilitate future data sharing, but doesn’t fully do so now.
Operating separate of the government, some companies are already signing up for full data sharing, including those that are part of the Cyber Threat Alliance, which includes Palo Alto Networks, Symantec, Intel Security, and Fortinet. Sony and Microsoft’s video game divisions, as well as many other major game developers have formed the Entertainment Software Association. Rounding out some other companies that are out there offering cybersecurity services are Crowdstrike, Box, and FireEye.
One hindrance to all this coming to fruition, is that CISPA has been passed by the House of Representatives twice, but died in the Senate due to severe privacy concerns. Once fully passed, CISPA will allow for the creation of “information sharing and analysis organizations” to be made up of one or more companies working under the newly created National Cybersecurity and Communications Integration Center to funnel information to the Department of Homeland Security. Oddly though, this new executive order is not CISPA.
Not to create confusion, but this isn’t Obama circumventing Congress to enable all this to happen. He himself doesn’t have the power to give companies “immunity clause”, a liability protection, which is a major factor in CISPA. Basically, it gives companies the ability to remove all non-pertinent identifying information from what they share, all while granting legal immunity should they fail to do this, thus not holding them accountable when it does happen. This explains how the new cybersecurity frame-work intends to work under Obama’s clause.
Another big difference between the executive order and CISPA itself, is that the order shares information with DHS, a civil organization, rather than the NSA, a military organization. That fact has been used by experts in trying to reduce CISPA’s impact in the past.
Despite the support of some big name partners, Obama’s new framework also has strong opposition from various powerful sectors that are less agreeable to the idea. At an event held in Palo Alto where Obama announced the project, which was attended by Tim Cook, CEO of Apple, Bloomberg Business reported that Mark Zuckerberg, CEO of Facebook, Marissa Mayer, CEO of Yahoo, and Google’s Larry Page and Eric Schmidt declined their invitations. Instead they sent other employees to do some further reconnaissance. This suggested that those companies “are trying to assure their users or customers that their products are secure and that they don’t willingly turn over data to the government” per Bloomberg.
Until CISPA and any other such acts pass through Congress, full information sharing doesn’t seem likely yet, but it has become a major focus for law enforcement and intelligence agencies to gain more access to private information.