White House Summit on Cybersecurity and Consumer Protection
Many of the nation's leading cyber, data and privacy experts convened today at a White House Summit at Stanford University to discuss ways to improve our nation's cybersecurity. During the summit, President Obama signed an executive order to promote private sector cybersecurity information sharing. The summit focused on the following key areas:
- Public-Private Partnerships
- Protecting Consumers
- Making good security part of good business
- Securing payment systems
Summit participants also explored information sharing, law enforcement issues, international cooperation, moving beyond passwords for authentication, and what's next in the word on technology security. Speakers included: President Barack Obama, Lisa Monaco of the National Security Council, Jeff Zients of the National Economic Council, Jeh Johnson – the Secretary of Homeland Security, Penny Pritzker – the Secretary of Commerce as well as many private sector participants. The summit follows a White House consumer financial protection event held at the Consumer Financial Protection Bureau (CFPB) in Washington, D.C. in October of 2014 where President Obama signed an EO entitled Improving the Security of Consumer Financial Transactions.
New Executive Order on Information Sharing
During the summit, President Obama signed an executive order that builds upon Executive Order 13636, Improving Critical Infrastructure Cybersecurity, by expanding beyond critical infrastructure. The new executive order focuses on cybersecurity information sharing between the private sector and federal government:
- Private Sector Call to Action: The executive order encourages the private sector to form Information Sharing and Analysis Organizations (ISAOs). ISAOs would be focused on domestic cybersecurity information sharing. ISAOs will be similar to Information Sharing and Analysis Centers (ISACs), but will not necessarily be industry specific and instead could be regional or threat specific.
- ISAO Standard Development: The executive order direct DHS to issue an RFP for an organization to develop baseline standards for ISAOs.
- DHS Authority to Work with ISAOs: The executive order provides the NCCIC authority to enter into agreements ISAOs so long as they meet certain security requirements. There will not be a federal certification requirement for ISAOs to work with DHS.
- Security Clearance Reforms: The executive provides DHS the authority to provide clearances to individuals working with ISAOs.
The White House is also calling on Congress to enact cybersecurity legislation that compliments and enhances his executive actions.