Not Everyone Agrees On How To Tame Obama's Cyber 'Wild West' | KERA News

Not Everyone Agrees On How To Tame Obama's Cyber 'Wild West'

Feb 14, 2015
Originally published on February 14, 2015 9:15 am
Copyright 2017 NPR. To see more, visit http://www.npr.org/.

SCOTT SIMON, HOST:

President Obama wants to stop cyber-attacks by getting companies and law enforcement to talk more to each other about the threats. At Stanford University yesterday, the president signed a new executive order, one that might pave the way, but some in the business world wonder if sharing will be a two-way street. NPR's Aarti Shahani reports.

AARTI SHAHANI, BYLINE: At the daylong event, cabinet members, CEOs of top companies and President Obama himself rammed home the same message, which goes like this...

(SOUNDBITE OF SPEECH)

PRESIDENT BARACK OBAMA: So this summit's an example of what we need more of - all of us working together to do what none of us can achieve alone.

SHAHANI: To stop hackers. It's a big goal, a heavy lift and one that will take law enforcement and companies working smart, not just hard, together.

(SOUNDBITE OF SPEECH)

OBAMA: The cyber world is sort of the wild, wild West. And to some degree, we're asked to be the sheriff. When something like Sony happens, people want to know what can government do about this?

SHAHANI: The president is referring, of course, to the wholesale theft of emails, Social Security numbers, unreleased films from Sony Pictures, though by now, we've had megabreaches coming from all directions.

(SOUNDBITE OF SPEECH)

OBAMA: If information is being shared by terrorists in the cyber world, an attack happens, people want to know are there ways of stopping that from happening?

SHAHANI: One way to stop it is to let potential victims know they're at risk. U.S. intelligence agencies are a treasure trove of information about organized hacker rings and the newest attacks that aim to steal everything from American intellectual property to consumer data. In the physical world, a police precinct might put out an alert when there's a string of burglaries on a block. In the cyber world, experts say, federal authorities don't give a heads up nearly enough.

ALEX STAMOS: A lot of companies will report information from the government to allow for investigations and to hopefully go after cybercriminals.

SHAHANI: Alex Stamos is chief information security officer at Yahoo!.

STAMOS: It is very rare for the government to bring information back into industry that we can then use to preemptively stop these attackers.

SHAHANI: Stamos hopes that the new executive order prompts a change in attitude, gets law enforcement to open up and help companies like his keep an eye out for attackers trying to break into their networks. Interestingly enough, he says, there's a lot of information sharing in the criminal networks. They use the same brute force attacks, the same malware.

STAMOS: And so part of the goal of information sharing is to make sure that these folks can't build this infrastructure once and then use it over and over again.

SHAHANI: Rod Beckstrom is a former Department of Homeland Security official. He says while individual investigators often want to help preempt attacks, it's hard for whole agencies to change their ways.

ROD BECKSTROM: We'll see what comes out of that. That's a difficult thing for them to do.

SHAHANI: Do you anticipate that government agencies will begin to share more?

BECKSTROM: They're going to share something. I mean, we had a great announcement here, and the president of the United States stands behind this. And I think the department and agencies will line up and you'll see a little bit more sharing and - hopefully a lot more, but we'll see.

SHAHANI: The president's order gives Homeland Security a new power. It'll get added to the list of federal agencies that can share classified threat information with potential victims. Aarti Shahani, NPR, News, San Francisco. Transcript provided by NPR, Copyright NPR.