Obama, Tim Cook, Others Debate Sharing Cyber Security Data - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile // Mobile Devices
10:06 AM
Connect Directly

Obama, Tim Cook, Others Debate Sharing Cyber Security Data

The Obama White House wants more effective sharing of cyber security data between the public and private sectors. Despite some snubs, Apple's Tim Cook spoke at a special summit on the issue.

8 Wacky Cyberattacks Worse Than Sony Hack
8 Wacky Cyberattacks Worse Than Sony Hack
(Click image for larger view and slideshow.)

Representatives from the public and private sector gathered at Stanford University on Friday, Feb. 13, to call for greater sharing of cyber security information amid lingering mistrust arising from involuntary information sharing programs run by intelligence agencies, both domestic and foreign.

The absence of four top tech leaders invited to the White House Summit on Cyber Security and Consumer Protection -- Facebook CEO Mark Zuckerberg, Google CEO Larry Page, Google executive chairman Eric Schmidt, and Yahoo CEO Marissa Mayer -- may convey something of that mistrust, or may merely reflect scheduling conflicts or expediency.

A Facebook spokesperson confirmed via phone that Zuckerberg is not attending, declining to cite a reason, but noting that Chief Security Officer Joe Sullivan is playing a prominent role at the event.

In an email, a Yahoo spokesperson said, "Our chief information security officer, Alex Stamos, will be representing Yahoo today. Given the focus of the conversation, it made the most sense to have Alex lead on our behalf."

Google did not respond to a request to clarify why Page declined to attend.

Yet, characterizing nonattendance as a snub sounds plausible because of past statements these executives have made framing governments themselves as security threats. Zuckerberg last year published an open letter criticizing the US government for the damage it has done through indiscriminate information-gathering.

Zuckerberg wrote that he was "confused and frustrated by the repeated reports of the behavior of the US government," a reference to Edward Snowden's revelations about the scope and audacity of data gathering by the US and its allies.

"When our engineers work tirelessly to improve security, we imagine we're protecting you against criminals, not our own government," he wrote. "The US government should be the champion for the Internet, not a threat. They need to be much more transparent about what they're doing, or otherwise people will believe the worst."

Page and Mayer last year expressed similar sentiment.

It's not just the US government's intelligence operations that concern private companies. The 2010 Operation Aurora cyberattack on Google and dozens of other companies was linked to hackers with ties to China's military.

At the same time, it's too simplistic to see private industry and government authorities as opposing sides.

The technology industry does not have a unified position with regard to data sharing and privacy, which figures into cyber security. Apple CEO Tim Cook, in his Summit speech, sounded a familiar theme by suggesting that Apple's "straightforward business model based on selling the best products" is fundamentally better for privacy and security than advertising-based business models, like those used by Facebook and Google.

But beyond disagreements about business models, private and public sector companies have reason to seek better sharing of threat data, something both have striven to do for decades. The simple reason is that each needs the other to make cyber security more effective.

Thus, Facebook earlier this week launched ThreatExchange, an API for sharing threat data. And both Google and Yahoo, through the trade group TechNet, have backed the Cyber Intelligence Sharing and Protection Act, now working its way through the legislative process. Despite the mistrust, there's common ground too.

Speaking at Stanford, President Obama emphasized that common ground when he introduced a set of legislative proposals to improve cyber security, including one that seeks to codify mechanisms for sharing cyber security information between the public and private sector.

"Just as we're all connected like never before, we have to work together like never before," Obama said. "...The very technology that empowers us to do great good can also undermine us and do great harm."

Earlier this week, the administration announced the creation of its Cyber Threat Intelligence Integration Center. And at the Summit, President Obama signed a new executive order to promote better cyber security information sharing.

[The Anthem breach holds lessons for IT. Here's what your business should learn.]

But there's doubt sharing threat information is really the optimal way to improve cyber security. In a statement, Kevin Bankston, policy director of New America's Open Technology Institute, said that in light of the revelations about mass surveillance, the White House should focus on working with Congress to pass surveillance reform rather than providing the NSA with more information in the name of cyber security.

"In the wake of the Sony cyber incident, the Administration is clearly under pressure to take action on cyber security," said Bankston. "But we should remember that the attacks on Sony were made possible due to that company's poor security practices and outdated software, not due to a lack of information sharing."

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
2/22/2015 | 9:42:44 AM
fighting againest cyber security
yes fighting againest cyber security is an awsome thing and this is going to be awsome step 
User Rank: Ninja
2/17/2015 | 9:12:07 PM
Re: Build a more united front against intruders
Charlie, fighting cyber criminals with federal resources is one thing. But having the federal government mandate a certain level of security for public and private corporations is another. Sure, nuclear power plants, airports and other essential utilities should be forced to have the utmost in security. I would throw banks in there, as the financial system is essentially for modern society to function. But a mid-market widget manufacturing company? A large consumer goods company?
Charlie Babcock
Charlie Babcock,
User Rank: Author
2/17/2015 | 4:48:48 PM
Build a more united front against intruders
An obligatory sharing of information on threats, their nature and their counter measures, sounds like a good idea. There needs to be more of a united front against the people eager to exploit the vulnerabilities and thieving opportunities found on the Internet. Buying all the latest security software available shouldn't be the best answer. We don't fight the Mafia through small town police departments.  
User Rank: Ninja
2/16/2015 | 10:20:09 PM
Re: Threat but also opportunity
Pedro, the government is in no position to really enforce any sort of cyber security risk management on companies. Look at how natural catastrophes are managed. Sure, building codes are mandated locally but generally the impetus to protect oneself against hurricanes or earthquakes is driven by market signals like insurance.
User Rank: Ninja
2/16/2015 | 11:14:17 AM
Re: Threat but also opportunity
I really agree with the last point of the article. May be the government role is to place policies that will force companies to improve their security infrastructure. I think with the amount of cyberattacks being publicize on local news and the amount of personal information that people can made available online.  It is to the advantage of everyone to collaborate on some areas to deter and help minimize the impact of such threats in our daily life.
User Rank: Ninja
2/14/2015 | 9:27:06 PM
Threat but also opportunity
The US government is clearly a target for attackers, which is a threat. But at the same time, I think the government has an opportunity to step up and be a leader on cybersecurity issues. I don't know if it is the right message to not go after state-sponsored cyberattacks. I thihk that needs to be reigned in. 
The Best Way to Get Started with Data Analytics
John Edwards, Technology Journalist & Author,  7/8/2020
10 Cyberattacks on the Rise During the Pandemic
Cynthia Harvey, Freelance Journalist, InformationWeek,  6/24/2020
IT Trade Shows Go Virtual: Your 2020 List of Events
Jessica Davis, Senior Editor, Enterprise Apps,  5/29/2020
White Papers
Register for InformationWeek Newsletters
Current Issue
Key to Cloud Success: The Right Management
This IT Trend highlights some of the steps IT teams can take to keep their cloud environments running in a safe, efficient manner.
Flash Poll