How to Fight Cyberthreats: White House Calls on Congress, Tech Industry to Help

President issues executive order to facilitate sharing information about cyberthreats, but says Congress needs to act on liability protection and data breach notification.

cyberthreat thinkstock
Credit: Thinkstock

The White House is ratcheting up its warnings on the dangers of cyberspace, calling on tech companies and other private-sector outfits to share more information about emerging threats, and appealing to Congress to enact legislation in the cyber arena.

President Obama Signs Cybersecurity Executive Order

To address the information sharing challenge, President Obama has signed an executive order calling on the industry to establish formal organizations to compile and disseminate threat data, and directing the Department of Homeland Security to fund a nonprofit group to develop a set of common standards for that information.

That effort aims to "make collaboration safer, faster and easier, and ensure greater coordination within the private sector to respond to cyberthreats," the White House explains in a fact sheet outlining the executive order.

The White House is also looking to enhance information sharing between the government and private sector, including in the executive order directives to streamline the process for businesses to access classified threat information, and to boost collaboration between industry and the cybersecurity unit at Homeland Security.

Fight Cyberthreats With Information Sharing and Data Breach Notifications

In his appeal to Congress, Obama is asking for legislation that would codify the role of that organization -- the National Cybersecurity and Communications Integration Center (NCCIC) -- among other measures. The White House is also lobbying for a bill that would provide protections from legal liability for businesses that share data through the NCCIC, and one that would establish a national standard for companies to notify customers when they have experienced a data breach.

"This should not be an ideological issue," Obama said in remarks Friday at an event at Stanford University. "And that's one thing I want to emphasize: This is not a Democratic issue, or a Republican issue. This is not a liberal or conservative issue. Everybody is online, and everybody is vulnerable."

Several business leaders were on hand to express support for the administration's push for legislation to establish civil and criminal liability shields for companies that share threat information within industry and with government under the NCCIC framework.

"In order to incentivize greater industry sharing, we need to pass legislation that provides liability protection for private-sector sharing and channels government resources more effectively," said American Express Chairman and CEO Kenneth Chenault.

That spirit of collaboration runs through other facets of the cybersecurity challenge. Just as officials underscore the importance of reaching out to other industry members and the government, executives are advised to look within their organization to ensure that the efforts of the CIO's team are aligned with the business units.

Enter the CIRO

At insurance giant AIG, for instance, the firm has established the position of chief information risk officer who reports to the enterprise risk officer, a move that President and CEO Peter Hancock says is intended to integrate the tech and business divisions, rather than allowing each to operate in its own silo.

"I do think that sitting within technology you can't help being co-opted by your own procedures," Hancock says.

In addition to the cybersecurity bills that the president proposed in January, Obama said on Friday that the White House will put out a framework for legislation establishing a consumer privacy bill of rights later this month, building on a years-long review the administration has been conducting evaluating how companies are collecting and using customers' data.

The outlook in Congress for moving on the president's proposals for cyber legislation is anything but certain, and experts note that moving a bill covering something with broad support like information sharing is a tall order.

Former Rep. Mike Rogers (R-Mich.), who chaired the House Intelligence Committee in the last congress, recently reflected on his efforts to pass an information-sharing bill, offering a bleak outlook for the prospects of advancing similar legislation this session. "We are a long way from a cyber-sharing piece of legislation," Rogers said.

Still, the administration speaks in urgent terms about the mounting cybersecurity threats.

"The number of victims is expanding at an unprecedented clip so that today no one connected to the Internet is immune, from businesses and consumers to governments and private citizens," says Lisa Monaco, Obama's homeland security advisor.

"We are at a transformational moment in the evolution of the cyberthreat," she adds. "The actions we take today, or those that we fail to take, will determine whether cyberspace remains a great international realm of opportunity ... that facilitates commerce and bold new ideas, or whether it becomes, frankly, a strategic vulnerability."

NEW! Download the State of the CIO 2017 report