In a move the White House says will help “quickly identify and protect against cyber threats,” President Obama will sign an executive order today urging companies that come under attack to share information about the threat with both other companies and the government.
The effort will be a chief topic Friday, when Obama meets with representatives of a wide range of companies, consumer advocates and law enforcement in Palo Alto, Calif.
The Obama administration is promoting a framework for sharing information about cyberthreats, hoping to prevent or limit attacks like those that recently hit Sony, Anthem Inc. and other companies.
The new executive order encourages businesses to form “information sharing and analysis organizations,” or ISAOs, which would gather data about hacking attacks and share it with companies and the government.
From San Francisco, NPR’s Aarti Shahani reports that Friday’s cybersecurity summit at Stanford University will include experts from the credit card and banking industry, along with those from health care companies and utilities such as electricity and gas.
“The White House expects a thousand people here,” Aarti says, “to talk about what they are doing — or can do — to protect digital life.”
As for what happens to compromised data after it’s stolen, Aarti has a story about that process on today’s Morning Edition.
The speakers will include Apple CEO Tim Cook, she reports, who’ll likely talk about mobile payments.
Apple is one of several firms that the White House says have embraced the Cybersecurity Framework that was announced Thursday. The administration provides this summary of new developments:
- Intel is releasing a paper on its use of the Framework and requiring all of its vendors to use the Framework by contract.
- Apple is incorporating the Framework as part of the broader security protocols across its corporate networks.
- Bank of America will announce that it is using the Framework and will also require it of its vendors.
- U.S. Bank and Pacific Gas & Electric are announcing that they are committed to using the Framework.
- AIG is starting to incorporate the NIST framework into how it underwrites cyber insurance for large, medium-sized and small businesses and will use the framework to help customers identify gaps in their approach to cybersecurity.
- QVC is announcing that it is using the Cybersecurity Framework in its risk management.
- Walgreens is announcing its support for the Cybersecurity Framework and that it uses it as one of its tools for identifying and measuring risk.
- Kaiser Permanente is committing to use the Framework.
The new initiatives will need to balance customers’ privacy rights with the need to stop repeated hacking attacks. A White House statement says the president’s order “ensures that information sharing enabled by this new framework will include strong protections for privacy and civil liberties.”
“Skeptics are watching to see what the president has to say about digital privacy,” Aarti reports, “and the limits of government access to tech company data.”