Feeds

Obama cybersecurity order mandates better information sharing

DHS gets ready to open up to private sector

  • alert
  • submit to reddit

Next gen security for virtualised datacentres

RSA 2013 President Obama's executive order on cybersecurity means security officers at critical infrastructure companies will get greater clearances from the government to access its information, says a Department of Homeland Security honcho.

The "unprecedented" executive order, which Obama revealed during his State of the Union address, will mean the government will give the private sector much more information about the threat landscape, DHS deputy undersecretary for cybersecurity Mark Weatherford said in a speech at the Cloud Security Summit in San Francisco on Monday.

The DHS is going to give more people at critical infrastructure companies security clearances so they can access greater amounts of government information about the "hundreds of thousands" of threats that the government profiles, he said.

This will let the government brief them on some of the "sensitive" threats it sees "that we can't sanitize and issue more broadly," Weatherford said.

It will give these companies information on attack signatures, he said, as well as the inside scoop on some effective countermeasures that the government has developed.

Along with this, the exec order means the DHS will work on its own internal bureaucratic processes to make sure it can tell the private sector about more of the threats about which it is informed, rather than letting them all disappear into a classified bucket that never gets shared with anyone.

"When I was in the private sector, that was the one thing I wanted more than anything else – if you have threat information that affects me, I need to know it," Weatherford said.

Besides sharing more information, Weatherford revealed that the DHS will work closely with the National Institute for Science and Technology (NIST) to co-develop standards with the private industry to help companies stay secure.

"We are going to establish this framework that is voluntary, that will provide a baseline so people can aim for something they don't have now," he said.

Words like "voluntary" when combined with security fill The Register with concern. Although the executive order sounds very impressive, the onus will be on companies to follow best security practice to get all of this to work – something that even top tech companies seem to find quite difficult. ®

The essential guide to IT transformation

More from The Register

next story
Goog says patch⁵⁰ your Chrome
64-bit browser loads cat vids FIFTEEN PERCENT faster!
Chinese hackers spied on investigators of Flight MH370 - report
Classified data on flight's disappearance pinched
NIST to sysadmins: clean up your SSH mess
Too many keys, too badly managed
Scratched PC-dispatch patch patched, hatched in batch rematch
Windows security update fixed after triggering blue screens (and screams) of death
Researchers camouflage haxxor traps with fake application traffic
Honeypots sweetened to resemble actual workloads, complete with 'secure' logins
Attack flogged through shiny-clicky social media buttons
66,000 users popped by malicious Flash fudging add-on
prev story

Whitepapers

Best practices for enterprise data
Discussing how technology providers have innovated in order to solve new challenges, creating a new framework for enterprise data.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Advanced data protection for your virtualized environments
Find a natural fit for optimizing protection for the often resource-constrained data protection process found in virtual environments.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?