Should the Private Sector Collaborate with Government to Strengthen Cybersecurity?
Earlier this year, U.S. President Barack Obama signed an Executive Order in response to a continued increase in data breaches and cyber attacks on American businesses and organizations. The Executive Order encourages and promotes the sharing of cybersecurity threat information within the private sector and between the private sector and the U.S. government through the creation of information sharing and analysis organizations (ISAOs).
Major private sector technology companies, including Google, Facebook, and Yahoo, have generally not been supportive of the Obama administration’s efforts to bolster cybersecurity. One of the biggest issues that has put the tech giants at odds with the government is the requirement for them to disclose personal consumer information. In order to maintain trust and keep their customers’ business, companies do not want to be seen as weak on protecting private information.
Tim Cook, CEO of Apple, was the only tech leader to attend Obama’s cybersecurity summit held at Stanford University in February, and he had strong words when it came to privacy.
“If those of us in positions of responsibility fail to do everything in our power to protect the right of privacy, we risk something far more valuable than money. We risk our way of life,” said Cook.
From a consumer perspective, there are also serious concerns about civil liberties, stemming from the lack of detail provided on consumer privacy protection.
“I really don’t see much in the way of specifics about the flow of information from the private sector to government,” said Gabe Rottman, legislative counsel for the American Civil Liberties Union (ACLU).
Privacy and civil liberties have become hot-button issues, especially in the wake of the revelations made by former National Security Agency (NSA) contractor Edward Snowden. Not surprisingly, the private sector and the general public have become far less trusting and far more skeptical of government agencies, especially the NSA, in light of Snowden’s disclosures.
To address the concerns raised by tech firms and civil liberties groups, the Executive Order states that all ISAOs will be expected to abide by a set of voluntary standards that will include protection of privacy. The Executive Order clearly states that “agencies collaborating with ISAOs under this order will coordinate their activities with their senior agency officials for privacy and civil liberties and ensure that appropriate protections for privacy and civil liberties are in place and are based upon the Fair Information Practice Principles.”
“Both businesses and consumers clearly stand to gain from closer collaboration between industry and government,” said Anatoly Kvitnitsky, Corporate Development Director at Trulioo. “For example, companies can share ‘watchlists’ containing information on cyber criminals with other companies and the government in order to quickly detect and prevent future attacks.”
Kvitnitsky believes that by sharing relevant cyber threat information quickly with those under attack as well as those that are investigating and defending against attacks, security gaps can be closed sooner and damage from data breaches can be mitigated. Companies will lose less money to fraud, and consumers’ personal information will be better protected from identity theft.
“We take consumer privacy very seriously and would never compromise civil liberties of citizens,” said Kvitnitsky. “The goal is to join forces with other private sector companies and leverage shared information to combat cybercriminals who understand the vulnerabilities of our current security system and take advantage of our reluctance to collaborate with one another.”
Jeff Zients, director of the White House National Economic Council, told reporters, “Cybersecurity is not just a cost of doing business. It’s the cost of staying in business.”
Without a doubt, decisive action must be taken in order to address the growing problem of cybercrime, not only in the United States, but globally. Perhaps the ISAO model can be used to promote and encourage international cooperation between private and public sectors. Cybersecurity is not just a domestic issue, but one that goes beyond borders, since cyber attacks frequently originate from foreign countries.
What do you think about President Obama’s Executive Order? How should we approach the issue at hand?