President Obama signed an executive order on Friday to encourage private sector companies to share information about cyber-threats among themselves and the federal government, citing the Sony hacking attack as one example of the need for further measures and legislation.
Obama spoke at Stanford University at the White House Summit on Cybersecurity and Consumer Protection, with speakers including the CEOs of companies like Apple, Bank of America, Intel and MasterCard.
No entertainment executives were on the list of panelists at events throughout the day, but Kevin Mandia, the cybersecurity specialist who Sony hired to investigate the attack, was scheduled for a panel on international law enforcement cooperation. A White House official could not immediately say whether CEOs from major studios were invited.
“The North Korean cyber-attack on Sony Pictures destroyed data and disabled thousands of computers, and exposed the personal information of Sony employees,” Obama said. “And these attacks are hurting American companies and costing American jobs.”
Last month, the White House announced a number of measures
it planned to pursue in the wake of the Sony hacking attack. The administration is pushing for legislation that encourages private sector companies to share cyber-threat information with the the government, and in turn get “targeted” liability protection for sharing such information. It also is seeking legislation that would streamline a patchwork of state laws that set out how much time companies have to notify employees and customers of security breaches.
“So much of our computer networks and critical infrastructure are in the private sector, which means government cannot do this alone,” Obama said. “But the fact is that the private sector can’t do it alone either, because it’s government that often has the latest information on new threats.”
Earlier this week, the Obama administration also announced the formation of the Cyber Threat Intelligence Integration Center, designed to coordinate intelligence gathering among federal agencies.
Prospects for the legislation are uncertain, given a range of disagreements on issues like privacy and data security.