Speaking at the White House summit on cyber-security last Friday, US President Barack Obama pointed out that while most of the IT infrastructure was in private hands, government had the most up-to-date information on new cyber-threats. “The only way to fully defend our country … is by government and industry working together,” he said.
Relations between the two have been frosty for the last year since Edward Snowden's revelations about industry involvement in national security's monitoring of private conversations.
This was reflected in the non-attendance at the summit of senior executives from Google, Facebook and Yahoo - although all companies stressed they had a presence there. One industry attendee was Apple CEO Tim Cook, who used the occasion to stress the importance of customer privacy. Apple has plans to incorporate encryption as standard in iOS 8. FBI officials have expressed their concern with the levels of encryption from IT vendors. Cook spoke about Apple's advances in such services as Apple Pay.
Bob West, chief trust officer of CipherCloud, was one of the attendees at the summit and welcomed the President's remarks: “The executive order for information sharing is a great starting point and a firm first step. We also need to continue to educate boards of directors and executive teams to make sure there is broad adoption of the NIST cyber-security framework. Whether we are talking about this information-sharing order or parts of the President's cyber-security proposal, such as breach notification standards, it will be important to harmonise US laws with international ones.”
He also supported Cook's position on secure transactions. “Apple Pay's use of a one-time transaction code (instead of a credit card number) is a game-changer for the continuously-attacked payments system and this type of technology should be applied broadly.”
There was also some support from Simon Crosby, CTO of Bromium. “The telling theme from Obama's address was the idea that we are building a cathedral of online infrastructure that has to embrace and protect our traditional non-digital values – privacy and security. He said that we are in the earliest stages of building – together – the infrastructure that must permit our online society to thrive into the future. We have bits/pieces in place, and many of them are not strong enough to endure.”
However, security consultant Graham Cluley is sceptical about the need for the two sides to co-operate closely: “I don't think governments and vendors should be working together,” he told SCMagazineUK.com. “Vendors should be providing strong encryption and privacy to secure communications from not only covert government surveillance but regular criminals.”
He said that such co-operation could be a bit of a slippery slope. “If company X decides to do a deal with, say, the UK, what's to stop other countries also demanding weakened encryption or a backdoor that *they* can also exploit? Is the UK going to be okay with that? What if the UK and the other country aren't on friendly terms, or if the UK doesn't want its own communications snooped upon by the other country?”