Palo Alto, Calif. -- Describing cyberspace as the new "wild, wild West," President Barack Obama on Friday said that while everyone expects the government to be the sheriff, the private sector must do more to stop cyberattacks. He also called for the passage of a single national standard requiring consumers to be notified within 30 days if their financial or personal data is stolen.
The president made his remarks during a keynote address at the White House Summit on Cybersecurity and Consumer Protection at Stanford University. Speaking before an audience that included tech CEOs, retailers, law enforcement officers and consumer and privacy advocates, he said that all must work together to do what none can achieve on their own. He even signed an executive order to promote the sharing of more information about cyberthreats during the event.
Obama called for intensive public-private sector cooperation to both combat cyberthreats and protect consumer privacy in the process. He laid out a series of principles for achieving cybersecurity and consumer protection, the first being to make protecting the private sector infrastructure a shared mission.
“The government cannot do it alone, and neither can the private sector,” said Obama. “The government has information on the latest threats. Government and industry should be working together sharing appropriate information as true partners. The government can’t secure the networks of private businesses, and the private sector doesn’t always have the resources needed during a cyberattack.”
In protecting the privacy and civil liberties of the American people, Obama stressed the importance of not overlooking the basic rights of Internet users when government and industry defend against, and respond to, cyberattacks.
“When you go online, you shouldn’t have to sacrifice the basic privacy we expect as Americans,” said Obama.
Obama called on government to work with industry to create a cybersecurity framework that enables the prevention, response to and recovery from cyberattacks.
“I’m calling on Congress to work to make sure security is safeguarded,” Obama said. “That includes fully funding the Homeland Security department.
Citing progress that has been made in the area of cybersecurity, Obama has also called for a Consumer Privacy Bill of Rights that will let consumers decide what data companies can collect and how they can use it, as well as a Student Digital Privacy Act that will prevent data collected from educational technology from being used for marketing purposes. Obama also wants to provide liability protection for companies that share information on cyberthreats.
Obama emphasized that nations, as well as hackers, terrorists and other criminals, are involved in cyberattacks on U.S. corporate and government networks. He mentioned China and Russia by name, and also directly blamed North Korea for the recent hack into the network of Sony and subsequent public release of emails and other corporate data.
Sharing cyberthreat information dominated the rest of Obama’s address. Government efforts include a new Cyberthreat Intelligence Integration Center, a single entity that analyzes cyberthreats across the government. Industry is contributing with efforts such as the “Buy Safe” initiative from card providers including Visa, MasterCard and American Express, designed to make transactions more secure.
Obama said that technology “outstrips” the pace of regulation, requiring government to be self-critical and foster open debate about protecting consumer privacy while deterring threats. He also said international cooperation, including with countries that do not share America’s commitment to openness, will be required.
Obama concluded by saying cybersecurity is not a partisan effort.
“This is a not a Democrat or Republican issue,” said Obama. “Everyone is online. Everyone is vulnerable.”