A plenary session led by Homeland Security Secretary Jeh Johnson, far right, gets underway at the White House Summit on Cybersecurity and Consumer Protection at Stanford University in Palo Alto, Calif. on Friday, Feb. 13, 2015. (Gary Reyes/Bay Area News Group) (Gary Reyes)



STANFORD -- Saying that cyber attacks could disrupt critical infrastructure, threaten public safety and undermine the economy, President Barack Obama today called on private corporations to work with the federal government to shore up network defenses.

The Internet is providing new opportunities for innovation and to connect citizens and corporations, but it also opens new vulnerabilities, Obama said in a speech at a computer security conference here. The only way to defend against those, he said, is for government and corporations to work together.

"This has to be a shared mission," Obama said. "The government cannot do this alone. The fact is that the private sector can't do this alone either."

To promote greater cooperation, Obama signed an executive order following his speech that gives government agencies greater leeway to share data -- including classified information -- with private companies about cyber threats. The order also encourages the creation of organizations that will serve as hubs for information about particular threats or for companies in specific regions.

Obama's speech and the White House-sponsored security summit come amid growing concern about the vulnerability of the government and large corporations to cyber attacks. Earlier this month, a hacking attack on health insurance giant Anthem exposed the personal data of up to 80 million customers and employees. That breach follows similar large-scale attacks over the last two years at companies including Target, Home Depot and J.P. Morgan Chase.

But it also comes amid widespread skepticism and even anger among technology companies and regular citizens about revelations from Edward Snowden and others that the National Security Agency has infiltrated the networks of major Internet companies and worked to undermine popular security standards. Some reports have also suggested that NSA-led cyber attacks on Iran and North Korea have prompted responses by those countries.

The tension between the government and the tech industry was highlighted by Apple CEO Tim Cook, who spoke just before the president. In his speech, Cook emphasized the importance of protecting consumer privacy and took a veiled shot at critics in the administration and law enforcement who have complained that Apple's encryption practices have made it difficult for them to pursue criminals and other bad actors. Cook argued that his company and others have an obligation to protect customer data.

"People have entrusted us with their most personal and precious information," Cook said. "We owe them nothing less than the best protection that we can possibly provide."

In his speech, Obama acknowledge some of the tensions. Although he called for greater privacy protections for citizens, he also argued that the government is responsible for protecting citizens from terrorist and other attacks.

"I have to tell you that grappling with how the government protects the American people from adverse events while at the same time making sure the government itself isn't abusing its capabilities is hard," he said.

The president has called on Congress to pass a reform measure that would curtail some of the government's surveillance capabilities. But civil liberties advocates have argued that the measure doesn't go nearly far enough. And the president has declined to put in place reforms on his own, using his own executive authority.

In addition to Cook, other prominent business figures speaking at the conference include Box CEO Aaron Levie, PayPal CEO Dan Schulman and PG&E CEO Anthony Earley Jr.

Contact Troy Wolverton at 408-840-4285. Follow him at Twitter.com/troywolv.

Obama order on cyber security


At the Cyber Security Summit at Stanford, President Obama will sign an executive order intended to protect computer networks and data. Among the provisions:


Information hubs. The order would promote the creation of "information sharing and analysis organizations," or ISAOs. These would serve as central points to share information on particular threats and in specific regions. The order also envisions the development of voluntary standards to which these organizations, which could be private companies or community organizations, would comply.
Information sharing. The order gives the Department of Homeland Security and the new National Cybersecurity and Communications Integration Center the authority to share threat data with the information hubs. It would also give companies easier access to classified cybersecurity data.
Privacy civil liberties protections. The order calls on information hubs to abide by voluntary standards to protect citizens' data and privacy that include minimizing the amount of data collected and kept.