An NSA spy, a Fed and a sysadmin walk into a bar – that's Prez Obama's new cyber-security order
You and me, simultaneously swapping stories of hackers
President Barack Obama has signed an executive order that will attempt to protect America's crucial computer networks by sharing knowhow between g-men and techies.
The new order instructs federal agencies to set up a clearing house of real-time, up-to-the-minute information on what's menacing US infrastructure. Companies running those networks and systems will be able to look into the intelligence stream, get an idea of what's about to hit them, and beef up their defenses accordingly. This is assuming the system works as described.
This sharing of information is supposed to go two ways: businesses can use the clearing house to tip off the Feds about threats that everyone ought to know about, we're told.
What exactly counts as security-related information that must be shared, and what private data must not be exchanged, is not clear at this stage.
The order also calls for a full assessment of America's weak points in its computer security – and how they can be corrected.
"This has to be a shared mission. So much of our computer networks and critical infrastructure are in the private sector, which means government can't do this alone," Prez Barry said in a speech at Stanford University today, moments before signing off the order.
"But the fact is that the private sector can't do it alone either, because it's government that often has the latest information on new threats. There's only one way to protect America from these cyber threats and that is through government and industry working together, sharing appropriate information, as true partners."
Rights-warriors at the EFF are not impressed by politicians' efforts to push through security information sharing – for one thing, there already are ways for companies to swap stories.
There was no mention of the NSA at all in his entire 30-minute speech; instead, Obama said privacy needed to be protected. His order calls on the chief privacy officer of the US Department of Homeland Security to look into this troublesome thing (privacy, not the NSA) and report back in a year, so that's all right then.
Basically, the executive order looks very like the CISPA information sharing legislation that is having such a problem getting through Congress at the moment. There are limits to what can be accomplished with an executive order, however.
CISPA would limit the liability companies face from customers who aren't happy about having their data given to the government as part of this intelligence sharing. The executive order does not shield businesses in this way.
"We need Congress to send a bill to the president that gives businesses legal certainty that they have a safe harbor against frivolous lawsuits when voluntarily sharing and receiving threat indicators and countermeasures in real time and taking actions to mitigate cyber-attacks," said the American Banking Association in a statement after Obama's speech.
An 'almost unique' President
Executive order aside, with his Marine One helicopter parked outside, Obama's Stanford speech was a mix of bland reassurances and hyperbole. He said that the US was positioned to lead the world into the 21st century (something which must have caused amusement in Beijing) and that America was "almost unique" in being able to innovate online.
He also took time for some gags (jokes, not NSL banning orders) saying he had been told that the Stanford students would "talk geeky" to him and suggesting that he should wear a pair of thick-rimmed glasses mended with tape in order to fit in. But it wasn't this that has some section of the tech community being standoffish.
Although they were invited, neither Google, Facebook, nor Yahoo! attended Friday's get-together. After having been burned so badly by the NSA snooping around their data centers, none of the firms is quite ready to play nice with executive orders. They want balanced legislation on the books, instead.
Apple's Tim Cook was present, however, and gave a 15-minute Apple advert immediately preceding the president. Most of it was a rehash of the self-promotion and Google-bashing the Goldman Sachs technology conference heard on Tuesday, but he did stray off script with a trenchant warning.
"We live in a world where all people are not treated equally, too many don't feel free to practice their religion, express their own opinions, or love who they choose," he said.
"Information can make the difference between life and death. If those of use fail to do everything in our power to protect privacy then we risk something more valuable than money – we risk our way of life. Luckily, technology gives us the tools to avoid these risks."
Technology like the power-off button on your iPhone, right Tim? ®
Sponsored: Becoming a Pragmatic Security Leader