|
 The order sets the stage for new private-sector led "information
sharing and analysis organizations" (ISAOs) - hubs where companies
share cyber threat data with each other and with the Department of
Homeland Security.
It is one step in a long effort to make companies as well as privacy
and consumer advocates more comfortable with proposed legislation
that would offer participating companies liability protection, the
White House said.
"We believe that by clearly defining what makes for a good ISAO,
that will make tying liability protection to sectoral organizations
easier and more accessible to the public and to privacy and civil
liberties advocates," said Michael Daniel, Obama's cyber
coordinator, in a conference call with reporters.
Obama will sign the order at a day-long conference on cybersecurity
at Stanford University in the heart of Silicon Valley.
The move comes as big Silicon Valley companies prove hesitant to
fully support more mandated cybersecurity information sharing
without reforms to government surveillance practices exposed by
former National Security Agency contractor Edward Snowden.
 Cybersecurity industry veterans said Obama's anticipated order would
be only a modest step in one of the president's major priorities -
the defense of companies from attacks like those on Sony and Anthem
Inc.
Obama has proposed legislation to require more information-sharing
and limit any legal liability for companies that share too much.
Only Congress can provide the liability protection through
legislation.
Businesses are unlikely to share a lot of timely and "actionable"
cyber intelligence without liability relief, said Mike Brown, a vice
president with the RSA security division of EMC Corp.
"Until that gets resolved, probably through legislation, I'm not
sure how effective continued information-sharing will be," said
Brown, a retired Naval officer and former cyber official with the
Department of Homeland Security.
Senator Tom Carper, the top Democrat on the Senate Homeland Security
committee, introduced a bill this week that incorporates much of
Obama's plan. But Republicans control Congress, and they have yet to
sign on to the idea.
"This is an urgent matter and we are working with anyone that we can
up on the Hill to make that happen," said Daniel, who had not yet
reviewed Carper's bill.
[to top of second column] |
Getting a bill through Congress will require at least the support of
big Silicon Valley companies such as Google Inc and Facebook Inc.
Those companies, however, have refused to give full support to
cybersecurity bills without some reform of surveillance practices
exposed by Snowden that have hurt U.S. technology companies' efforts
to win business in other countries.
"Obviously there have been tensions," Daniel told reporters.
"But I think that's the kind of thing where the only way to get at
that is to continue to have dialogue and to continue to engage, and
the president has been committed to that," he said.
Google, Facebook and Yahoo are not sending their chief executives to
the Stanford conference because of the rift, according to an
executive at a major technology company. Apple Inc Chief Executive
Tim Cook will give an address.
Obama also will meet privately with some executives on Friday. They
are expected to press again for surveillance reform and support for
strong encryption, which some in the administration have faulted
recently on the grounds that it enables criminals and terrorists to
hide their activity.
Big technology companies and a host of startups have been beefing up
encryption in Snowden's wake to make blanket intelligence collection
overseas more difficult.
(Additional reporting by Roberta Rampton and Jim Finkle; Editing by
Andrew Hay and Sandra Maler)
[© 2015 Thomson Reuters. All rights
reserved.]
Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.
 |
