STANFORD, Calif.—Since the current president took office in 2009, the U.S. federal government has been pushing buttons to promote cooperation among law enforcement, the military, the private sector and its own agencies to band together and share information in order to stop—or least slow down—the increasing number of security breaches happening in the world.
Cyber-security problems are running amok, with theft and fraud causing billions of dollars in losses to business and individuals. So this is certainly a tall order. But talk is moving to action. On Feb. 13, the White House enacted an executive order for this back-channel cooperation to actually get moving in real time.
The order is nowhere near a law or regulation; it's merely a strong suggestion from the leader of the free world for organizations to invest in improving cyber-security defenses, become proactive in helping each other out when crises arise and not be shy about asking the federal government for assistance.
Obama Calls for Password Workaround
Keynoting the first White House Summit on Cyber-Security and Consumer Protection here at Memorial Auditorium on the Stanford University campus, President Barack Obama signed the order before a capacity audience of Silicon Valley executives, invited guests and members of the media.
"We have a lot more work to do to solve these problems, which are causing billions of dollars' worth of loss in our economy each year," Obama said. "We need all of us to work together to achieve what none of us can achieve alone. And it's hard. Some of these issues have defied solutions for years.
"For example, we need to better authenticate user identities because it's just too easy for hackers to figure out user names and passwords ... like 'password' or '1-2-3-4-5 ... 7.' Those are some of my previous passwords," the president joked. "But I've changed them since then!"
The White House strategy includes starting up new information-sharing groups, called hubs, which are built around vertical industry sectors. The idea is to create industry-driven cyber-security information-sharing networks before breaches happen, so when intruders do hit one of the members, faster reaction and containment can take place. Some of these hubs are already in operation, Obama said.
Order Is a 'Necessary Precondition' for Cyber-security Success
"This is a necessary precondition to tackling our cyber-security problems," J. Michael Daniel, cyber-security coordinator at the White House, told eWEEK. "We're not going to solve all of the really sophisticated actors or defeat all the advanced persistent threats just by increasing information sharing. But we have seen industries that have increased their information sharing—such as in the financial services industry—and that does make a meaningful difference in being able to cut out a lot of the low-level attacks and intrusions. When you do that, then you can focus your humans on the more sophisticated intruders.
"I see this as a sort of baseline for us just to stay in the game."
The order, Daniel explained, specifically recommends the following:
1. It identifies best practices and standards for what constitutes optimal information-sharing units within vertical industries, and measures effectiveness of communication.
2. It fixes some internal communications within the federal government to make it clear that the part of the Department of Homeland Security that deals with cyber-security has the appropriate accesses to various other agencies when it comes to protecting critical infrastructure security.
3. It fixes an outdated executive order that deals with industrial security clearances in order to communicate with the private sector more effectively.
In his 22-minute address, the president called on all organizations and individuals who use the Internet —which is now about 98 percent of the world —to revisit their current security safeguards, become more aware of how intrusions can happen and help others when called upon.