Cyber-security Executive Order Encourages Companies To Share Threat Info With Homeland Security


At a Stanford University cyber-security summit on Friday, President Obama is expected to announce yet another executive order bypassing Congress, this time pertaining to Internet security.

The order will require greater information-sharing with government agencies by private companies exposed to security threats, but as USA Today sees it, the most important feature is that the agency taking the lead will be the Department of Homeland Security, not the National Security Agency. USA Today notes that keeping that power out of the hands of the NSA may be an attempt to quell any concerns regarding broad surveillance of civilians. “Given the anger and anxiety that resulted from revelations by Edward Snowden about the extent of NSA surveillance, knowing that Homeland Security is in charge may calm concerns among Valley companies,” the paper notes.

Advocates of the executive order see it as a way to keep protests to tech companies at a minimum, while establishing clear rules for information sharing.

In addition to the concerns of protests from tech companies and their clients, fear of litigation is said to be one of the reasons information about major security incidents, such as the hacking of the Target retail chain, was not more freely shared with law enforcement and other potentially threatened private companies. That problem can only be addressed through congressional action, not executive orders – a view also shared by a spokesman for House Speaker John Boehner, who said that Obama should be working with Congress to pass a comprehensive cyber-security bill, rather than issuing piecemeal executive orders.

It is not clear how much of this executive order will be compulsive in practice.  Theoretically, it merely establishes an information-sharing network that companies are “encouraged” to share threat information with, overseen by Homeland Security but linked into numerous other federal agencies and private sector information-sharing networks. USA Today says the order will also “require the Department of Homeland Security and the Attorney General to develop guidelines for how the government gets, stores, uses and discloses cyberthreat indicators,” which might offer a modicum of reassurance to those concerned about the privacy violations inflicted by the NSA’s data harvesting methods, but would do little to address the lawsuit threats described above.

CNET reports that several large companies have already committed themselves to participate in the new cyber-security framework, including Apple, Intel, Bank of America, AIG, Walgreens, QVC, and Kaiser Permanente.  Other components of the executive order covering increased security for electronic payments have the support of Visa, MasterCard, and American Express. As CNET observes, 2014 was a bad year for hacking, bringing us everything from the attacks on Target, Home Depot, and JP Morgan to the trashing of Sony Pictures.  With the penetration of the massive Anthem insurance network, 2015 isn’t looking much better.

Critics attacked the government for not doing more to protect Sony when it came under attack from what the White House would eventually assert were operatives of a foreign government, North Korea. Big companies are nervous after a year of high-profile hacking stories, and the general public might have become more willing to set aside concerns about personal information being exposed through information-sharing to combat security threats — a very major concern in the past, as it was feared that vigorous investigation of alleged (and not always genuine) abuses would result in too much data about innocent Internet users getting passed around between corporations and government agencies.


Please let us know if you're having issues with commenting.