President Barack Obama traveled to the heart of Silicon Valley on Friday to lay out his vision for improved cybersecurity in a digital age that has seen high-profile cyberattacks make headlines in recent weeks. Joining leaders from various industries at the White House Summit on Cybersecurity and Consumer Protection at Stanford University, Obama stressed the importance of enhancing the public-private partnership already in its infant stages.
“We are just getting started,” Obama explained. “We are only 26 years into this internet age. We’ve only scratched the surface.”
Obama marked the event (scroll down for full video) by signing an executive order that calls for the establishment of industry hubs and a common set of information standards to facilitate greater collaboration in combating cyberthreats. Obama also outlined the four basic principles he sees as paramount to success in the fight against cyberthreats:
- Shared Mission – Government cannot perfect cybersecurity on its own, nor can the private sector. The private sector houses much of America’s critical systems, but it is the government that often has the latest information about cyberthreats. Government and industry have to share information as “true partners.”
- Focus on Unique Strengths – Government can’t and shouldn’t secure the computer networks of private companies. But the private sector doesn’t have the capacity to deal with cyberattacks or the ability to notify different companies across many industries. Individual strengths among various companies and industries need to be leveraged whenever possible and used for the greater good.
- Constant Evolution – Government and industry design new cyber defense systems, but then hackers design ways to penetrate them. “We have to be just as fast and flexible and nimble.”
- Protection of Privacy and Civil Liberties — Obama said when consumers share their information with companies, they deserve to know it will be protected. When Americans go online, they shouldn’t have to forfeit their basic privacy.
Thawing the Ice
While Apple CEO Tim Cook spoke ahead of Obama at the event, noticeably absent were the leaders of tech titans like Google, Facebook and Yahoo. Revelations like those unearthed by the leaks of Edward Snowden have strained the previously cozy relationship between the White House and Silicon Valley. Obama, seemingly aware of the new divide, made an effort repair the relationship by touting the history of achievement by many in the tech industry.
“The innovations that first appeared on this campus all those decades ago – that first mouse, that first message — helped lay a foundation. And in the decades since, on campuses like this and at companies like those that are represented here, new people came along; each laying down a block — one on top of the other,” Obama said. “When future historians ask ‘Who built this information age?’ it won’t be any one of us who did the most important part alone. The answer will be ‘We all did.’”
Bankers are on board
Contrasting the chilly relationship between the White House and Silicon Valley, the financial services industry has greeted Obama’s efforts on cybersecurity with sunny diplomacy. However, that wasn’t always the case. Not long ago, banks were leery to work with the government on cybercsecurity; preferring instead to deploy proprietary defenses often constructed by the finest former government experts the banks could recruit into the private sector.
A couple of years ago, the financial services industry pivoted with regard to collaboration with the government on cybersecurity. Industry officials began urging the government to do more to help protect businesses. One of the results was the Commerce Department’s National Institute of Standards and Technology Framework for Improving Critical Infrastructure Cybersecurity. Bank of America Chairman and CEO Brian Moynihan noted at the summit that the NIST Framework has been helpful in that it provides boards of directors with useful guidance on how to manage their cybersecurity efforts.
Moynihan went on to explain that the key to a cohesive cyber defense system is to get all the relevant business and government parties “into the tent,” then decide what level of information sharing is appropriate and who is liable. Moynihan added that the liability piece is going to take changes to current law.
During an earlier panel at the summit, American Express Chairman and CEO Ken Chenault highlighted one of the ways outdated laws and regulations harm cybersecurity. Chenault explained that a law from the 1990s prohibits AmEx from reaching 90% of its customers via mobile phone to issue fraud alerts. Of the customers AmEx is allowed to reach via mobile phone, Chenault said 35% respond to a fraud alert within 60 seconds. “The public and private sectors must partner to keep our laws and regulations current with the advances in technology,” Chenault said.
Mastercard CEO Ajay Banga said one new hurdle is the “nationalistic chauvinism” starting to develop between international regulators. Different countries place varying levels of importance on cybersecurity and consumer protection. Banga warned that asking companies to adhere to dramatically different regulations in various countries will only slow progress toward comprehensive protection.
Obama the Orator returns
Obama did not shy away from the difficult role the government sometimes must play when it comes to cyberthreats and cyberattacks. Likening the current cyber-landscape to the “Wild West,” Obama said citizens often expect the government to play the role of the sheriff: acting to deter cyberattacks and also punishing those who commit them. But those same citizens also get upset when they feel the government’s cyberwarfare effort infringe upon their right to privacy. In a hat tip to Tim Berners-Lee, the inventor of the World Wide Web, Obama called for continued collaboration between government, business and citizens in working to strike the right balance.
“If we keep working together in a spirit of collaboration, like all those innovators before us, our work will endure like a great cathedral for centuries to come,” Obama explained. “And that cathedral will not just be about technology. It will be about the values that we have embedded in the architecture of this system. It will be about privacy and it will be about community and it will be about connection. What a magnificent cathedral that all of you have helped to build.”