At cyber summit, Obama nearly alone
February 14, 2015A deep distrust marked the setting of Obama's visit to the cybersecurity summit this week. Since the Edward Snowden leaks, "many players within Silicon Valley and the industry simply do not trust the US government at this point," cyber expert Herb Lin told DW.
As a case in point, the senior executives of Internet giants Google, Yahoo, Microsoft and Facebook weren't anywhere to be seen at the summit, though Apple's Tim Cook was.
"Relations are a mess right now and trying to repair that mess is a big problem," said Lin, who has worked at the National Academy of Sciences for 20 years.
Tainted relationship with Silicon Valley
The New York Times on the day of Obama's visit spoke of a "poisoned relationship" between Silicon Valley and Washington, D.C. That's bad news for President Obama, who called the heads of the leading tech firms to meet at Stanford University in California.
In his State of the Union address last month, Obama declared cybersecurity a national priority and called for cooperation between the government and the private sector.
And at Friday's conference he spoke to the absent CEOs again. "So much of our computer networks and critical infrastructure are in the private sector, which means government cannot do this alone," Obama said. "But the fact is that the private sector can't do it alone either, because it's government that often has the latest information on new threats."
Improving information-sharing
Ken Gude, cyber expert at the Center for American Progress think tank, believes there is an essential element to improving cybersecurity, namely the improvement of information sharing between companies and the government.
Edward Lowery of the United States Secret Service admits that the necessary exchange of information between government agencies and private sector companies doesn't yet work very well. The Secret Service, which among other things concerns itself with cyberattacks, would welcome a standardized exchange of information and publication of cyberattacks.
But for this, the omnipresent NSA would also have to be willing to cooperate, since it, of all organizations, would have "extensive information about weak spots in the system," Gude said.
President Obama is under pressure. In the past few months alone, there was an abundance of headlines on large-scale theft of personal consumer data. Large companies such as Target and JPMorgan Chase were affected. The cyberattacks on Sony Pictures became a massive political issue. The government regarded them as a threat to national security and subsequently imposed sanctions on North Korea.
Gude told DW that the average citizen feels helpless in the face of security threats and that the summit could start "a national dialogue," which would raise awareness in the long run.
Only legal action can sway private sector
Even if President Obama created a cyberagency by decree to improve the exchange of information concerning cyberattacks, US experts don't see much of a way to enforce more cooperation, as presidential decrees are not legally binding.
Herb Lin is also skeptical that Obama's speech will achieve much – the age of informal cooperation between industry and government ended with the Edward Snowden leaks.
"Right now, the industry is willing to do what government law requires them to do, but no more than that. They are willing to do the minimum, because they are compelled to do so by law, but nothing more."
The information leaked by Snowden on the activities of the NSA had a massive negative impact on the business interests of tech companies.
"And a lot of foreign companies don't trust Americans now either – they say they are compromised."
Disagreements about encryption
To improve their image and protect themselves from potential NSA overreach, Google, Yahoo and Apple have invested a great deal in the encryption of customer data. So demands from Washington not to overdo it with encryption and to deliver customer data to security services upon request have the same effect as waving a red flag at a bull.
Tim Cook's speech could be interpreted as a case for exactly the opposite. Cook pointed out that Apple's new payment system Apple Pay was much more secure than a credit card. He said each transaction generates data that is only known to the customer and the vendor. "Apple doesn't have this information and we don't want it," he said, receiving a round of applause.
Cook said he could see similar digital concepts for drivers' licenses and ID cards as well.
Edward Lowery welcomed encryption technology, preferring to focus on the hard reality of current cyberattacks instead of on what technology might bring years down the road.
"Any defensive technology that's out there, that provides a high level of security to the infrastructure owners, we support," the Secret Service assistant director told DW.
But he said law enforcement still needed to have access to the information, "with the proper court order, with the proper ability through a legal process."
Long path to cyberwar
Speaking at Stanford, Obama pointed out that cyberattacks cost the US economy billions of dollars. But he didn't divulge how dangerous a cyberattack could be for national security.
Ken Gude was of the opinion that it was certainly becoming increasingly worse, but added that it would be a very long time before a cyberwar would become more dangerous than a conventional conflict.