Date: 2015-02-13
(Updates with information and comment from White House)
By Joseph Menn and Roberta Rampton
SAN FRANCISCO/WASHINGTON Feb 12 President
Barack Obama is set to sign an executive order on Friday aimed
at encouraging companies to share more information about
cybersecurity threats with the government and each other, a
response to attacks like that on Sony Entertainment.
The order sets the stage for new private-sector led
"information sharing and analysis organizations" (ISAOs) - hubs
where companies share cyber threat data with each other and with
the Department of Homeland Security.
It is one step in a long effort to make companies as well as
privacy and consumer advocates more comfortable with proposed
legislation that would offer participating companies liability
protection, the White House said.
"We believe that by clearly defining what makes for a good
ISAO, that will make tying liability protection to sectoral
organizations easier and more accessible to the public and to
privacy and civil liberties advocates," said Michael Daniel,
Obama's cyber coordinator, in a conference call with reporters.
Obama will sign the order at a day-long conference on
cybersecurity at Stanford University in the heart of Silicon
Valley.
The move comes as big Silicon Valley companies prove
hesitant to fully support more mandated cybersecurity
information sharing without reforms to government surveillance
practices exposed by former National Security Agency contractor
Edward Snowden.
Cybersecurity industry veterans said Obama's anticipated
order would be only a modest step in one of the president's
major priorities - the defense of companies from attacks like
those on Sony and Anthem Inc.
Obama has proposed legislation to require more
information-sharing and limit any legal liability for companies
that share too much. Only Congress can provide the liability
protection through legislation.
Businesses are unlikely to share a lot of timely and
"actionable" cyber intelligence without liability relief, said
Mike Brown, a vice president with the RSA security division of
EMC Corp.
"Until that gets resolved, probably through legislation, I'm
not sure how effective continued information-sharing will be,"
said Brown, a retired Naval officer and former cyber official
with the Department of Homeland Security.
Senator Tom Carper, the top Democrat on the Senate Homeland
Security committee, introduced a bill this week that
incorporates much of Obama's plan. But Republicans control
Congress, and they have yet to sign on to the idea.
"This is an urgent matter and we are working with anyone
that we can up on the Hill to make that happen," said Daniel,
who had not yet reviewed Carper's bill.
Getting a bill through Congress will require at least the
support of big Silicon Valley companies such as Google Inc
and Facebook Inc.
Those companies, however, have refused to give full support
to cybersecurity bills without some reform of surveillance
practices exposed by Snowden that have hurt U.S. technology
companies' efforts to win business in other countries.
"Obviously there have been tensions," Daniel told reporters.
"But I think that's the kind of thing where the only way to
get at that is to continue to have dialogue and to continue to
engage, and the president has been committed to that," he said.
Google, Facebook and Yahoo are not sending their
chief executives to the Stanford conference because of the rift,
according to an executive at a major technology company. Apple
Inc Chief Executive Tim Cook will give an address.
Obama also will meet privately with some executives on
Friday. They are expected to press again for surveillance reform
and support for strong encryption, which some in the
administration have faulted recently on the grounds that it
enables criminals and terrorists to hide their activity.
Big technology companies and a host of startups have been
beefing up encryption in Snowden's wake to make blanket
intelligence collection overseas more difficult.
