Stanford-Hosted Cybersecurity Summit Calls for Government-Private Sector Teamwork

• By Dian Schaffhauser
• 02/17/15

Stanford University, which hosted a White House summit on cybersecurity and consumer protection last week, also witnessed the on-stage signing of a new executive order by President Obama to encourage companies and industries to set up hubs for sharing information. The order also calls for development of a set of standards by which the government can share information about cyber threats with those hubs.

The two-day cyber event brought together members of Congress, representatives from the private sector, government, academia, privacy and consumer groups and Stanford students to discuss privacy technologies and future research and education. Sponsored by the U.S. Department of Commerce's National Institute of Standards and Technology, the event focused on how to help businesses implement cyber security technologies in "real-world conditions."

Topics included:

• Public-private collaboration on cybersecurity;
• Improving cybersecurity practices at consumer-oriented organizations;
• Promoting more secure payment technologies;
• Cybersecurity information sharing;
• International law enforcement cooperation on cybersecurity;
• Improving authentication; and
• New ideas for technical security.

On the second day of the event (video above), the President addressed the audience, emphasizing what he called "four principles" that his administration is promoting to protect the cybersecurity infrastructure of the country:

• The job is a "shared mission." "So much of our computer networks and critical infrastructure are in the private sector, which means government cannot do this alone," he said. "But the fact is that the private sector can't do it alone either, because it's government that often has the latest information on new threats. There's only one way to defend America from these cyber threats, and that is through government and industry working together, sharing appropriate information as true partners."
• Each sector must focus on what it can do best. "Government has many capabilities, but it's not appropriate or even possible for government to secure the computer networks of private businesses," the President noted. "Many of the companies who are here today are cutting-edge, but the private sector doesn't always have the capabilities needed during a cyber-attack, the situational awareness, or the ability to warn other companies in real time or the capacity to coordinate a response across companies and sectors. So we're going to have to be smart and efficient and focus on what each sector does best, and then do it together."
• Evolution will be constant. "We design new defenses, and then hackers and criminals design new ways to penetrate them," he noted. "Whether it's phishing or botnets, spyware or malware, and now ransomware, these attacks are getting more and more sophisticated every day. So we've got to be just as fast and flexible and nimble in constantly evolving our defenses."
• The privacy and civil liberties of the American people must be protected. "When consumers share their personal information with companies, they deserve to know that it's going to be protected. When government and industry share information about cyber threats, we've got to do so in a way that safeguards your personal information. When people go online, we shouldn't have to forfeit the basic privacy we're entitled to as Americans," Obama stated.

He added that the White House has called for a "single national standard" so that people will know within 30 days if their information has been stolen. The administration has also proposed a student digital privacy act to define how data can be used in education as well as legislation called the "Consumer Privacy Bill of Rights," which will give people the right to decide what personal data can be collected by companies and to know how that information is being used.

Earlier in the week, administration also announced formation of a "Cyber Threat Intelligence Integration Center." The center is intended to do for cyber security what the National Counterterrorism Center does for terrorism. The goal for the center will be to analyze and integrate information already collected under existing authorities and share that information with the private sector to help them protect their networks and critical information.

An eight-hour video of the second day of the summit, which includes the President's remarks, is available on YouTube.