WASHINGTON — President Obama wants to make it easier for retailers and other companies to share information on cyber threats and data-security breaches with the government.
Obama outlined new steps in an executive order Friday as he led a White House cybersecurity summit at Stanford University in Palo Alto, Calif., bringing together executives from major corporations and technology companies, consumer and privacy advocates, law enforcement, educators and students.
The President’s executive order lays out a framework for expanding collaboration between the private sector and government through the creation of “information-sharing and analysis organizations,” or ISAOs, which will serve as critical hubs to coordinate data from various sources.
The White House said in a fact sheet that the new hubs could include not-for-profit organizations or even a single company that facilitates information-sharing among its customers or partners. The order also increases collaboration by streamlining and clarifying the Department of Homeland Security’s authority to enter into agreements with the ISAOs, makes companies’ ability to access classified cybersecurity threat information easier and ensures strong protections for privacy and civil liberties.
Obama has outlined several proposals in the past few months, including data-breach notification legislation, that would require companies to notify their customers within 30 days of a cybersecurity attack. The administration’s push for improving data sharing and payment systems comes on the heels of major breaches at government agencies and the private sector, including Target Corp., Home Depot and Sony Pictures.
Several companies also announced initiatives of their own at the summit, aimed at protecting payment systems and consumers. Visa said it is committing to “tokenization,” a system that substitutes credit card numbers with “randomly generated” tokens for each transaction, by the end of the first quarter. MasterCard said it will invest more than $20 million in new cybersecurity tools, including the deployment of a “Safety Net” that will reduce the risk of large-scale cyber attacks. The credit card company also said it will partner with First Tech Federal Credit Union in a pilot program this year that will allow consumers to authenticate and verify transactions using a combination of biometrics such as facial and voice recognition. American Express said it will roll out a multifactor authentication technology for consumers.