Obama meets with CEOs to push cyber-security legislation

WASHINGTON — President Obama met with more than a dozen corporate chief executives to seek their support for stalled cyber-security legislation amid increasing evidence that government agencies, businesses and individuals are vulnerable to computer network break-ins.

The closed-door session Wednesday at the White House came a day after the nation’s top intelligence officials warned in a Senate hearing that cyber attacks and digital spying have eclipsed terrorism as the top threat to national security. They said the chance of a major attack is remote in the near term, but digital thefts of intellectual property are putting U.S. competitiveness at risk.


As if on cue, authorities reported numerous new cyber attacks Wednesday, and hackers believed to be operating from servers in Russia posted online what appeared to be personal financial information about former Republican presidential nominee Mitt Romney, golfer Tiger Woods and others.

The FBI is investigating whether credit reports, banking information and other financial information from Vice President Joseph Biden and First Lady Michelle Obama were illegally obtained and published online Tuesday. Also that day, hackers posted financial data that appears to be from former Secretary of State Hillary Rodham Clinton, Atty. Gen. Eric Holder, FBI Director Robert Mueller III and Los Angeles Police Chief Charlie Beck.

“What is absolutely true is that we have seen a steady ramping up of cyber-security threats,” Obama said on ABC’s “Good Morning America.” “Some are state-sponsored. Some are just sponsored by criminals.”

A wave of computer attacks also targeted New York’s JPMorgan Chase & Co., the nation’s biggest bank. Hackers bombarded the Chase website with phony requests, blocking legitimate customers from Internet access to their bank accounts Tuesday and early Wednesday.

No customer data was compromised, and the bank’s mobile, telephone and ATM networks continued to function, spokesman Michael Fusco said.

A group identifying itself as Izz ad-Din al-Qassam Cyber Fighters has mounted denial-of-service attacks against American banks off and on since September. The group, based in the Middle East, says the attacks are retaliation for an online video, produced last year by amateur U.S. filmmakers, that mocks the prophet Muhammad.

Obama issued an executive order Feb. 12 to enable greater sharing of classified intelligence on cyber threats with qualified companies that own or operate crucial infrastructure, including chemical plants, electric grids and water systems.

Facing deep opposition from industry, however, Congress has refused to pass White House-backed legislation that would require companies to meet mandatory cyber-security standards. Even after the bill was scaled back, and the standards were made voluntary, the bill twice failed to pass the Democrat-controlled Senate.

The recent burst of cyber thefts and disruptions comes after the release of a report by Mandiant Corp., a Virginia computer security company, that alleged a secretive unit of the Chinese military was conducting broad cyber attacks on U.S. companies, said James Lewis, a cyber security expert at the Center for Strategic and International Studies, a think tank in Washington.

The Mandiant report cleared the way for Obama and his aides to publicly accuse China of directing, or at least allowing, illicit attacks. China denies that it uses hackers to steal intellectual property from the West.

“We’ve made it very clear to China and some other state actors that, you know, we expect them to follow international norms and abide by international rules,” Obama told ABC. “And we’ll have some pretty tough talk with them. We already have”

Also driving the current concern is growing evidence that foreign-based hackers are destroying systems, not just stealing data, said Alan Paller, director of research at the SANS Institute, a computer training center in Bethesda, Md.

One reason to bring corporate executives to the ultra-secure Situation Room, Lewis said, is that Obama can share classified information about how their computer networks have been compromised.

“This is a trick they have used in the past,” Lewis said. “Bring in defense company CEOs, give them temporary security clearance for a classified briefing, and they turn pale and faint when they find out what has been taken.”

Los Angeles cyber-security expert Philip Lieberman, who consults for some of the companies that took part in the meeting, said Obama was trying to persuade the CEOs to spend more on network security and to work more closely with the federal government against cyber threats.

“The administration is trying to get support from private industry to probe systems on a regular basis so that foreign interests have a tougher time breaking in and disrupting the economy,” he said.

The CEOs who met with Obama were Ursula Burns of Xerox Corp; Rex Tillerson of Exxon Mobil Corp.; Jamie Dimon of JPMorgan Chase & Co.; Nicholas Akins of American Electric Power Co.; Wesley Bush of Northrop Grumman Corp.; Clarence Cazalot Jr. of Marathon Oil Corp.; David M. Cote of Honeywell International Inc.; D. Scott Davis of United Parcel Service Inc.; David Melcher of Exelis Inc.; Brian Moynihan of Bank of America Corp.; Eric Spiegel of Siemens Corp.; Randall Stephenson of AT&T; Inc.; and Maggie Wilderotter of Frontier Communications Corp.

Emerging from the meeting, Cote said the group recognized the threat, but appeared wary of new regulations.

“I think we all agreed that we want as light a government touch on this as possible,” Cote told CNBC. “All of us recognize there’s going to be a need for legislation here. We want to be able to make sure that it’s done intelligently, smartly, working together, so that we get that light touch that allows flexibility and effectiveness.”

Dilanian reported from Washington; Guynn from San Francisco. Times staff writers E. Scott Reckard in Los Angeles and Kathleen Hennessey in Washington contributed to this report.