Obama, Tim Cook, Others Debate Sharing Cyber Security Data - InformationWeek

InformationWeek is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Mobile // Mobile Devices
10:06 AM
Connect Directly

Obama, Tim Cook, Others Debate Sharing Cyber Security Data

The Obama White House wants more effective sharing of cyber security data between the public and private sectors. Despite some snubs, Apple's Tim Cook spoke at a special summit on the issue.

8 Wacky Cyberattacks Worse Than Sony Hack
8 Wacky Cyberattacks Worse Than Sony Hack
(Click image for larger view and slideshow.)

Representatives from the public and private sector gathered at Stanford University on Friday, Feb. 13, to call for greater sharing of cyber security information amid lingering mistrust arising from involuntary information sharing programs run by intelligence agencies, both domestic and foreign.

The absence of four top tech leaders invited to the White House Summit on Cyber Security and Consumer Protection -- Facebook CEO Mark Zuckerberg, Google CEO Larry Page, Google executive chairman Eric Schmidt, and Yahoo CEO Marissa Mayer -- may convey something of that mistrust, or may merely reflect scheduling conflicts or expediency.

A Facebook spokesperson confirmed via phone that Zuckerberg is not attending, declining to cite a reason, but noting that Chief Security Officer Joe Sullivan is playing a prominent role at the event.

In an email, a Yahoo spokesperson said, "Our chief information security officer, Alex Stamos, will be representing Yahoo today. Given the focus of the conversation, it made the most sense to have Alex lead on our behalf."

Google did not respond to a request to clarify why Page declined to attend.

Yet, characterizing nonattendance as a snub sounds plausible because of past statements these executives have made framing governments themselves as security threats. Zuckerberg last year published an open letter criticizing the US government for the damage it has done through indiscriminate information-gathering.

Zuckerberg wrote that he was "confused and frustrated by the repeated reports of the behavior of the US government," a reference to Edward Snowden's revelations about the scope and audacity of data gathering by the US and its allies.

"When our engineers work tirelessly to improve security, we imagine we're protecting you against criminals, not our own government," he wrote. "The US government should be the champion for the Internet, not a threat. They need to be much more transparent about what they're doing, or otherwise people will believe the worst."

Page and Mayer last year expressed similar sentiment.

It's not just the US government's intelligence operations that concern private companies. The 2010 Operation Aurora cyberattack on Google and dozens of other companies was linked to hackers with ties to China's military.

At the same time, it's too simplistic to see private industry and government authorities as opposing sides.

The technology industry does not have a unified position with regard to data sharing and privacy, which figures into cyber security. Apple CEO Tim Cook, in his Summit speech, sounded a familiar theme by suggesting that Apple's "straightforward business model based on selling the best products" is fundamentally better for privacy and security than advertising-based business models, like those used by Facebook and Google.

But beyond disagreements about business models, private and public sector companies have reason to seek better sharing of threat data, something both have striven to do for decades. The simple reason is that each needs the other to make cyber security more effective.

Thus, Facebook earlier this week launched ThreatExchange, an API for sharing threat data. And both Google and Yahoo, through the trade group TechNet, have backed the Cyber Intelligence Sharing and Protection Act, now working its way through the legislative process. Despite the mistrust, there's common ground too.

Speaking at Stanford, President Obama emphasized that common ground when he introduced a set of legislative proposals to improve cyber security, including one that seeks to codify mechanisms for sharing cyber security information between the public and private sector.

"Just as we're all connected like never before, we have to work together like never before," Obama said. "...The very technology that empowers us to do great good can also undermine us and do great harm."

Earlier this week, the administration announced the creation of its Cyber Threat Intelligence Integration Center. And at the Summit, President Obama signed a new executive order to promote better cyber security information sharing.

[The Anthem breach holds lessons for IT. Here's what your business should learn.]

But there's doubt sharing threat information is really the optimal way to improve cyber security. In a statement, Kevin Bankston, policy director of New America's Open Technology Institute, said that in light of the revelations about mass surveillance, the White House should focus on working with Congress to pass surveillance reform rather than providing the NSA with more information in the name of cyber security.

"In the wake of the Sony cyber incident, the Administration is clearly under pressure to take action on cyber security," said Bankston. "But we should remember that the attacks on Sony were made possible due to that company's poor security practices and outdated software, not due to a lack of information sharing."

Attend Interop Las Vegas, the leading independent technology conference and expo series designed to inspire, inform, and connect the world's IT community. In 2015, look for all new programs, networking opportunities, and classes that will help you set your organization’s IT action plan. It happens April 27 to May 1. Register with Discount Code MPOIWK for $200 off Total Access & Conference Passes.

Thomas Claburn has been writing about business and technology since 1996, for publications such as New Architect, PC Computing, InformationWeek, Salon, Wired, and Ziff Davis Smart Business. Before that, he worked in film and television, having earned a not particularly useful ... View Full Bio

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Charlie Babcock
Charlie Babcock,
User Rank: Author
2/17/2015 | 4:48:48 PM
Build a more united front against intruders
An obligatory sharing of information on threats, their nature and their counter measures, sounds like a good idea. There needs to be more of a united front against the people eager to exploit the vulnerabilities and thieving opportunities found on the Internet. Buying all the latest security software available shouldn't be the best answer. We don't fight the Mafia through small town police departments.  
InformationWeek Is Getting an Upgrade!

Find out more about our plans to improve the look, functionality, and performance of the InformationWeek site in the coming months.

Becoming a Self-Taught Cybersecurity Pro
Jessica Davis, Senior Editor, Enterprise Apps,  6/9/2021
Ancestry's DevOps Strategy to Control Its CI/CD Pipeline
Joao-Pierre S. Ruth, Senior Writer,  6/4/2021
IT Leadership: 10 Ways to Unleash Enterprise Innovation
Lisa Morgan, Freelance Writer,  6/8/2021
White Papers
Register for InformationWeek Newsletters
Current Issue
Planning Your Digital Transformation Roadmap
Download this report to learn about the latest technologies and best practices or ensuring a successful transition from outdated business transformation tactics.
Flash Poll