In response to acts of cyberterrorism, such as the recent Sony hack, Obama has called for greater cooperation and information sharing between private companies and the government, in order to combat these threats. Obama has signed an executive order creating the National Cybersecurity and Communications Integration Center, which will help tech companies exchange information with the Department of Homeland Security.
Several companies are already on board with this information sharing proposal including those in the Cyber Threat Alliance, which contains several companies such as Palo Alto Networks, Symantec, Intel Security and Fortinet. The Entertainment Software Association is also on board with this information sharing. The ESA represents several of the major game developers and publishers in the United States, including Microsoft and Sony's game divisions. With this move, much of the video game industry is effectively signed on for this information sharing plan.
According to the White House several more companies have agreed to use a framework that would facilitate information sharing but haven't agreed to full information sharing yet. These companies include Apple, Intel, Bank of America, US Bank, Pacific Gas & Electric, AIG, QVC, Walgreens, and Kaiser Permanente.
Not all companies are quite so willing to go along with this however. Some have serious privacy concerns about sharing data with the government. Yahoo, Google, and Facebook all sent security experts to a conference where Obama announced the project, but apparently the 3 companies had concerns about privacy and wanted to, "assure their users or customers that their products are secure and that they don’t willingly turn over data to the government."
The administration is hoping this executive order will be a first step and that Congress will eventually pass a law to facilitate further cooperation between the government and the private sector on this issue. Of particular note, a law passed by Congress could contain an immunity clause, which can't be offered by executive order. When companies are sharing private data with the government they are supposed to remove any identifying information that is not relevant to the investigation. An immunity clause would let them escape liability if they accidentally shared information they weren't supposed to. If such a law were passed it may make certain companies more willing to take part in an information sharing program but it would weaken the protections of users privacy.
Do you see this as a positive step towards combating cyber threats? Leave your comments below.
