President Obama Praises Palo Alto Networks, Intel, Symantec At White House Cybersecurity Summit

President Obama lauded Palo Alto Networks, Symantec and Intel Security on Friday for being committed to a new executive order calling for the creation of information sharing centers designed to speed up the dissemination of actionable threat intelligence.

At the White House Summit on Cybersecurity and Consumer Protection, held at Stanford University in Palo Alto, Calif., Obama signed an executive order directing the creation of new Information Sharing and Analysis Organizations (ISAOs), calling them an essential component to threat information sharing between the public and private sectors.

The ISAOs are intended to ensure that accurate information is disseminated in a standard way, so that businesses and government agencies can measure the risk of a threat and determine whether additional protective measures are required to mitigate the threat.

"It’s one of the great paradoxes of our time that the very technologies that empower us to do great good can also be used to undermine us and inflict great harm," Obama said at the event. "The same information technologies that help make our military the most advanced in the world are targeted by hackers from China and Russia, who go after our defense contractors and systems that are built for our troops. The same social media we use in government to advocate for democracy and human rights around the world can also be used by terrorists to spread hateful ideologies. So these cyber threats are a challenge to our national security."

id
unit-1659132512259
type
Sponsored post

[Related: 10 Security Technologies Gaining From Data Breach Hysteria]

The Cyber Threat Alliance, which includes Palo Alto Networks, Symantec, Intel Security and Fortinet, will build out standards to support the sharing and analysis organizations.

The White House also said that security startup Crowdstrike is creating an ISAO, and network security vendor FireEye is creating an Information Sharing Framework consistent with the ISAO approach.

Cloud-based storage service Box will participate in the standards-development process for ISAOs and The Entertainment Software Association said it plans to create an ISAO.

"We all know what we need to do. We have to build stronger defenses and disrupt more attacks. We have to make cyberspace safer. We have to improve cooperation across the board," Obama said. "The business leaders here want their privacy and their children protected, just like the consumer and privacy advocates here want America to keep leading the world in technology and be safe from attacks."

President Obama's executive order creates private-sector led organizations modeled closely to the Information Sharing and Analysis Centers. The Financial Services (FS-ISAC), one of the most mature and active sharing groups, has limited public sector participation due to the fear that sharing private sector data with federal regulators could result in serious liability issues.

Apple CEO Tim Cook addressed the summit prior to the president’s speech, reaffirming his company's commitment to privacy and security while advocating the Apple Pay mobile payment service at the federal level. A panel of chief executives and technology policy experts also discussed the need to ensure that consumer privacy is protected while cybersecurity measures are bolstered.

Obama signed an executive order in October ordering federal agencies to install modern and more secure payment terminals in place that can support Apple Pay and other mobile payment services.

The private sector needs to develop and gain widespread adoption of new and innovative authentication measures that eliminate passwords, Ajay Banga, president and CEO of MasterCard Inc, said at the event. Biometrics such as voice recognition and new wearable technologies such as an identity bracelet might one day eliminate the need to remember multiple passwords, Banga said.

Insurers which are gaining attention for new cyberinsurance designed to reduce the financial impact of a serious data breach, is in position to get small and midsize businesses to maintain a minimal and acceptable level of security, said Peter Hancock, president and CEO of AIG, at the event.

Insurers won’t underwrite policies to businesses that can’t maintain security best practices, Hancock said.

’We can make it affordable for smaller companies who have rich data sets critical to their future, but don’t have the resources to support the security apparatus that the larger organizations happen to have,’ Hancock said.

AIG, which sells cyberinsurance, currently underwrites 20,000 businesses and 20 million individuals in the event of a data breach or identity theft. It’s still an emerging area and small part of the company’s overall business, but it’s growing significantly, Hancock said.

’Risk transfer is one part of our role but there’s a feedback loop where we choose to ensure people who put in the right controls and have the right culture,’ Hancock said. ’The nature of our advice is very much in a practical way what statistically tends to be the result. Getting the simple things right significantly reduces the severity of loss events.’

Next: Solution Providers Respond To Cybersecurity Push

The NIST Cybersecurity Framework, which was the result of a 2013 Obama executive order on cybersecurity, is being broadly adopted by the private sector, according to the Obama administration. Apple, Bank of America, Intel and other large companies are incorporating the framework. Intel is requiring all its vendors to use the framework by contract.

The Obama Administration has also proposed legislation that would create national data breach notification rules and liability protection to enable Internet service providers, security vendors and other organizations with threat intelligence data to share the information without the fear of consumer lawsuits and regulatory fines.

The proposal calls on the Department of Homeland Security and the Attorney General, in consultation with the Privacy and Civil Liberties Oversight Board, to develop guidelines for the federal government’s sharing of cyber threat indicators. The new ISAOs would support existing effective relationships and is not intended to eliminate or restrict them, the White House said.

Solution providers interviewed by CRN said Obama’s measures come at a time that the public attention on cybersecurity is at its highest levels.

Unfortunately the Obama Administration, which is in its final two years in office, doesn’t have the leverage necessary to get Congress to pass meaningful legislation, said Danny Timmins, president and CEO of Mississauga, Ontario-based security consultancy, NCI.

Congress has consistently failed to pass cybersecurity bills, Timmins said.

Timmins said his organization guides customers using the 20 Critical Security Controls, a framework for establishing security controls, created by the National Security Agency in 2008. The document, currently maintained by the Council on CyberSecurity, a non-profit organization that promotes Internet security. said sometimes, organizations learn through the model that they would get a bigger return on their investment by addressing policy and processes rather than buying the next modern security appliance.

’It’s a measurable and sensible model that helps customers identify through an audit, the critical areas that need addressing,’ Timmins said.