SAN FRANCISCO (AP) – Responding to unprecedented data breaches and cyberattacks, President Barack Obama is trying to spark alliances between policymakers who want to regulate the online world and tech innovators who traditionally shun Beltway bureaucracies.
In California’s Silicon Valley on Friday, Obama was participating in a White House summit on cybersecurity and consumer protection, joining hundreds of administration officials, tech and other CEOs, law enforcement officials and consumer and privacy advocates. The focus is on encouraging every player to do better at sharing information that can help the private sector prevent and respond to costly and potentially crippling threats to the security of their online networks.
Obama was delivering the keynote address at the daylong event, as well as leading a round-table discussion with a group of business leaders.
J.J. Thompson, CEO and managing director of Rook Security, a consulting firm founded in San Jose, California, said the symbolic significance of the gathering could not be overstated, despite its “dog and pony show” aspects. The summit is being held at Stanford University, a hub of tech innovation.
“Cybersecurity is at the forefront of everyone in America right now, from the Beltway to California,” Thompson said in an interview.
Jeff Zients, a top economic adviser to Obama, said a goal of the summit is to drive home the message that strong cybersecurity can provide companies with a competitive edge.
“Cybersecurity is not a problem for just one or two sectors of the economy,” he told reporters. “All industry sectors and types of businesses face cybersecurity risks.”
Numerous companies, ranging from mass retailers like Target and Home Depot to Sony Pictures Entertainment to health insurer Anthem, have suffered costly and embarrassing data breaches in recent months. The Twitter feed of U.S. Central Command, which oversees military operations in the volatile Middle East, was hacked recently, while the White House reported detecting “activity of concern” last October on the unclassified computer network used by White House staffers.
While a growing cadre of information security experts have for years grappled with cybersecurity as online communications boomed, their concerns have largely been downplayed.
But with record public and private sector data breaches last year – the Identity Theft Resource Center found that 85 million records were exposed last year – the discussion has moved from the tech geeks to policy wonks.
And the federal government itself is struggling: cyberattackers trumped terrorists as the No. 1 threat to national security, according to an annual review by intelligence officials last year.
The Obama administration wants Congress to supersede an existing patchwork of state laws by setting a national standard for when companies must notify consumers that their personal information has been compromised. Obama was signing an executive order Friday to encourage members of the private sector to share information about threats to cybersecurity with each other and with the federal government, but he also wants Congress to pass legislation.
“What we as an industry, spanning across public and private sector security teams, need to improve on is breaking down the silos of ‘how’ and ‘to whom’ threat data and threat intelligence is being shared,” said Barmak Meftah, president of the San Mateo, California, cybersecurity startup AlienVault.
Stanford is in the heart of the Silicon Valley, home to Google, Apple, Facebook, Intel and most other tech leaders. The valley is also a national hub of innovation, with the most patents, venture capital investment and startups per capita in the U.S. The university launched a $15 million initiative in November to research the technical and governance issues involved in maintaining security online.
A sore point for the private sector is that while most states require them to report breaches, the federal government isn’t required to publicize its own data losses.
(Copyright 2015 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.)