Obama seeks help from Congress, tech industry to fight cyberattacks

Tech firms have bolstered their security to keep both hackers and government authorities out of private data

President Obama called on lawmakers Friday to pass tougher laws to protect against cyberattacks, and he also aimed part of his plea at business leaders whose help he needs in the fight.

Just before he signed an executive order to promote information-sharing between the private sector and the government, Obama spoke of a "spirit of collaboration" that he maintains would help all sides respond quickly to an attack.

"This has to be a shared mission," Obama said. Because computer networks are held largely by the private sector, "government can't do this alone," he said.

"But the private sector can't do it alone," either, he said during an address at a cybersecurity summit at Stanford University.

A major hurdle standing in the way of collaboration is a lack of trust on the part of business leaders, particularly in the wake of Edward Snowden's revelations about how the government tried to use private companies' systems in spying.

Tech companies have bolstered their security to keep both hackers and government authorities out of private data.

The resulting tension burst into view in the debate over decisions by Apple Inc. and Google Inc. to encrypt data automatically on some of the software they produce.

The moves drew criticism from top U.S. law enforcement and British Prime Minister David Cameron, who complained that it would make such data as call records or photos transferred on an iPhone inaccessible to law enforcement or intelligence officials who want it for investigations.

"You do want the private sector and the government to work together, and they are. But at the same time, there is this huge area where they're not," said Daniel Castro, a senior analyst at the Information Technology & Innovation Foundation, a Washington think tank.

Until those tensions are eased, he said, "we won't have a coherent cybersecurity policy."

"It only works if you trust your partners," he said.

The administration has been trying to open communication with corporate chief executives and board members in an attempt to reassure them about the government's practices, said J. Michael Daniel, Obama's cybersecurity coordinator.

"A company's interest is not always lined up with government's," Daniel said. "We're working very hard to maintain open contact with industry across the board to talk about our shared interests."

Obama's executive order calls for the development of "information-sharing organizations," networks within the private sector that work with government and that can respond quickly to an attack.

The order directs the Department of Homeland Security to develop standards for those networks. It also adds the department to the list of federal agencies that can approve the sharing of classified information with private businesses.

A handful of businesses announced Friday that they would follow some of the president's outlines to protect consumer information and alert officials of data breaches.

Symantec Corp., Intel Corp.'s Intel Security and Fortinet Inc. were among companies agreeing to form a new cyberthreat information-sharing partnership.

Apple, Visa Inc., MasterCard Inc. and Square Inc. announced commitments to promote more secure payment technology, in keeping with an executive order Obama signed in 2014 to advance consumer financial protection.

John Hering, executive chairman and co-founder of the mobile security company Lookout Inc., applauded Obama's order as a step toward solving the problem. But Hering, who attended the summit, cautioned that more work awaits.

"We typically are responding to an attack when the damage has already been done, and the industry talks about being proactive, yet proactive isn't enough. We need to be predictive," he said. "We need to anticipate and mitigate threats before they happen."

Obama recently sent new cybersecurity proposals to Congress, and key White House advisors said they were optimistic that they can get bipartisan support for them.

Still, the president has made it clear that, after years of butting heads with congressional leaders, he's not going to hold off on the use of his unilateral powers in the meantime.

There are few subjects on which it is more important to plow ahead, top advisors said. Cybersecurity is a major concern for the White House as hackers and other nations find increasingly sophisticated ways to disrupt business and steal personal information for financial gain.

Obama is under great pressure to act after attacks against high-profile American companies including Sony Pictures Entertainment, Home Depot Inc. and Anthem Inc.

Republicans want Obama to focus his energy on measures that would require, rather than merely encourage, such information-sharing.

"Unilateral, top-down solutions will not solve America's cyber problems," Cory Fritz, a spokesman for House Speaker John A. Boehner (R-Ohio), said Friday.

Because of the growing risk of cyberintrusions from overseas, Obama has to act with or without Congress, said Darrell West, director of the Center for Tech Innovation at the Brookings Institution.

"It has been hard for Congress to pass cybersecurity due to partisanship and differing views between the parties about the role of government. That is not likely to change soon," West said.

"Given congressional inaction, Obama's executive order is the best way to address cybersecurity. It will help keep things safe and reduce threats from abroad," he said.

christi.parsons@latimes.com

kathleen.hennessey@latimes.com

Parsons reported from Palo Alto and Hennessey from Washington.

Times staff writer Javier Panzar in Los Angeles contributed to this report.

Copyright © 2016, Los Angeles Times
67°