Obama signs order on cybersecurity information sharing

Chuck Bednar for redOrbit.com – Your Universe Online

A new executive order signed by President Obama on Friday is designed to encourage private-sector firms and the government to share information about potential cyber-threats.

According to Wired, the president said that the order “calls for a common set of standards, including protection for privacy and civil liberties,” and should make it easier for companies to gain access to the classified cyber-threat information they need to help protect themselves.

The order, which was signed by Obama following his speech at a White House cybersecurity summit at Stanford University, designates the US Department of Homeland Security as the agency in charge of distributing the information. That move, the website explained, was likely designed to quell concerns that the National Security Agency would play a key role in the process.

Instead of the NSA, which has come under fire for its surveillance practices in recent years, the DHS will be in charge of collecting and disseminating data to the appropriate government groups and private-sector entities through Information Sharing and Analysis Organizations.

These organizations are groups of companies, federal agencies and non-profits with a common interest in a given sector (financial, energy, etc.), formed so that their members can share information deemed relevant to keeping them safe. Furthermore, the DHS will be required to work with the attorney general to develop guidelines for collecting and sharing the data.

The shared information, Wired explained, would include anything deemed to be an “indicator of compromise,” including but not limited to malware samples, phishing emails, the IP addresses of those launching the attacks and any other information about how systems become compromised.

However, the executive order “does not give companies protection from liability when they share information; lawmakers will have to do that through legislation,” the website added. In the case of civil liberties, the executive order states that private sector ISAOs would be asked to adhere to “a common set of voluntary standards, which will include privacy protections.”

President Obama did not elaborate on what privacy and civil liberty protections would be put into place for the information sharing. He also described the executive order as a “framework,” according to NBC News. Its signing comes just days after the creation of a new Cyber Threat Intelligence Integration Center that will collect threat information and disseminate analysis.

“Hopefully the rules will prohibit the use of the information shared being used for surveillance,” Greg Nojeim, senior counsel with the Center for Democracy and Technology in Washington DC, told USA Today. He added that the intent of the executive order is to establish a process for creating the rules governing information sharing between the private sector and the government.

Cory Fritz, a spokesman for House Speaker John Boehner, responded to the executive order by stating that “unilateral, top-down solutions will not solve America’s cyber problems.” He added that, instead of signing the order, the president should support cybersecurity bills that had been passed by members of the House in the last Congress.
