BreachExchange mailing list archives

Obama Signs Information-Sharing Executive Order To Boost Cybersecurity: How Effective Will It Be?


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Wed, 18 Feb 2015 05:28:49 -0700

http://www.techtimes.com/articles/32911/20150216/obama-signs-information-sharing-executive-order-boost-cybersecurity-effective-will.htm

President Barack Obama has signed an executive order urging private sector
companies to share information about cybersecurity efforts and incidents.

The announcement follows Obama's unveiling of a new agency to assess and
track cyber threats.

"Protecting the American people while making sure government is not abusing
its capabilities is hard," said Obama at the White House Cybersecurity
Summit. "The cyber world is sort of the Wild Wild West and to some degree
we are asked to be the sheriff."

Obama, in his remarks, noted the difficulty in balancing data security and
user privacy. His executive order is not being received well by everyone in
the business and IT security realm. Yet the White House believes it's the
perfect mechanism for supporting the new federal Cybersecurity Framework.

"[T]hat cathedral will not just be about technology but about the values we
have embedded in this system. It will be about privacy and security and
about connection. A magnificent cathedral and we're all going to be a part
of that," he said.

Critics say forcing companies to disclose information when data is breached
not only invades a company's privacy but also opens up an avenue for
increased customer concern and confusion.

A more effective approach, some suggest, would be to tell companies that
they must have a plan in place for when data is breached.

The White House believes the executive order is needed to get businesses
paying more attention to cybersecurity issues and risks.

"The Executive Order ensures that information sharing enabled by this new
framework will include strong protections for privacy and civil liberties,"
said the White House in a post. "Private sector ISAOs [information sharing
and analysis organizations] will agree to abide by a common set of
voluntary standards, which will include privacy protections, such as
minimization, for ISAO operation and ISAO member participation."

In the wake of the Edward Snowden revelations, many companies are concerned
about providing sensitive information to government agencies.

Security experts supporting the White House order hope that by sharing data
and cybersecurity knowledge, companies can soon shift away from dealing
reactively with data breaches toward more prevention and proactive security
practices.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
