Figures in US business, cyber-security and administration including President Barack Obama were at Stanford University in California, for a ’White House Summit’ on Cybersecurity and Consumer Protection. The Friday, February 13 conference brought together leaders from Congress, industry, tech companies and law enforcement.
President Obama remarked that the US nation is doing more business online than ever, at the rate of trillions of dollars each year. And consumers are doing more online as well — managing bank accounts, shopping, paying bills, handling medical records, just to name a few. But, these new opportunities and conveniences bring risks. He said: “When companies get hacked, Americans’ personal information, including their financial information, gets stolen,” the President explained. “Identity theft can ruin your credit rating and turn your life upside down. In recent breaches, more than 100 million Americans had their personal data compromised, including, in some cases, credit card information.”
For Obama’s speech in full visit http://www.whitehouse.gov.
Topics at the event included secure payment technologies; information sharing for cyber-security; and public-private collaboration. At a session on international law enforcement cooperation, among the speakers was Jamie Saunders, Director National Cyber Crime Unit, at the UK’s National Crime Agency. And among the Chief Information Security Officers (CISOs) speaking were Alex Stamos (Yahoo) and Joe Sullivan, (Facebook). Visit – http://www.whitehouse.gov/issues/foreign-policy/cybersecurity/summit
Comments
Simon Crosby, CTO and co-founder of Bromium said: “The telling theme from Obama’s address was the idea that we are building a cathedral of online infrastructure that has to embrace and protect our traditional non-digital values – privacy and security. He said that we are in the earliest stages of building – together – the infrastructure that must permit our online society to thrive into the future. We have bits/pieces in place, and many of them are not strong enough to endure. We need to add stronger components that will protect the core values of our society as we continue to build our online economy and social structure. This appeal is elegant – and true. It is apolitical in the sense that it is a broader societal appeal and not partisan, and it calls for an industry-wide approach to building first class infrastructure. It is an invitation to participate in building an infrastructure that everyone can trust and believe in – this was a nice sidestep of the need to address societal trust of the government, but it adroitly matched the broad consumer privacy appeal of Tim Cook’s address to the same meeting.”
Mike Brown, VP and GM, RSA Global Public Sector, said that President Obama’s new Executive Order related to cybersecurity, with recent legislative success in the last session of Congress, demonstrate the criticality of taking action now to combat the malicious activity that is occurring and bring some support to the consumer.
“The executive order and the legislation previously passed by Congress is a great start. But for the actions taken to increase information sharing among the public and private sectors to really be effective, additional legislation is necessary. We need to see liability relief along with codified roles and responsibilities for the public and private sector regarding information sharing. In addition, the President has called for a national breach process and updated criminal laws to support today’s security needs and the future environment. We support that. With this approach, information sharing can, in fact, truly become actionable and allow the good guys to operate inside the bad guy’s decision cycle.
“In addition, last week’s summit highlighted the importance of the Cybersecurity Framework (CSF) developed by the private sector while working with the government. The CSF for the first time provides all a common taxonomy and approach to understanding an organization’s risk (business or otherwise) and determine that organization’s ability to mitigate and prioritize those risks with cybersecurity capabilities. Many in the private sector have started implementing the CSF. Many, however, are confused or overwhelmed and have not yet started. RSA can help.
The CSF is a great model for organizations to implement. And for those mature organizations that have implemented a framework, it provides an easy way to communicate status and performance to those who are interested in cybersecurity posture – such as corporate leaders, board members and even regulators. In the wake of the serious breaches so far this year, a common question asked is: “what company is next?” All are at risk – but particularly those who don’t know where they stand.”
