President Barack Obama asked U.S. executives on Friday for closer cooperation in defending against hackers after high-profile attacks on companies like Sony that exposed weaknesses in America's cyber defenses.
Speaking at Stanford University, Obama told Silicon Valley and financial services CEOs that they needed to share more information more quickly both with each other and with his administration.
"Government cannot do this alone. But the fact is that the private sector can't do it alone either because it's government that often has the latest information on new threats," he told a gathering of CEOs.
Obama has moved cyber security toward the top of his 2015 agenda after the recent breaches but senior figures from the tech world who are at odds with the administration over government surveillance stayed away from his speech.
The Sony attack was particularly worrying for U.S. officials, who blamed North Korea for stealing data, debilitating computers and pressuring the studio to halt the release of "The Interview," a satirical film about leader Kim Jong Un.
Obama, in an interview with tech news website Re/code, said the Sony attack was especially worrisome because "it's not as if North Korea is particularly good as this." The president added that China and Russia are "very good" and Iran is "good" at cyber attacks.
"There's only one way to defend America from these cyber threats and that is through government and industry working together, sharing appropriate information as true partners," Obama said in his speech.
He met privately with a small group of business leaders in Silicon Valley to try to mend fences with tech companies still smarting over damage to their businesses when government surveillance practices were exposed by former National Security Agency contractor Edward Snowden.
Obama acknowledged in the Re/code interview that the Snowden disclosures "were really harmful in terms of the trust between the government and many of these companies, in part because it had an impact on their bottom lines."
Upset about the lack of reforms to surveillance programs, the CEOs of Google Inc, Facebook Inc and Yahoo Inc stayed away from Friday's conference.
Apple Inc Chief Executive Tim Cook gave an address and CEOs from PayPal, Intel Corporation, Visa and other financial services companies attended.
Cook warned about unspecified threats to privacy.
“We still live in a world where not all people are treated equally. Too many people are not free to practice their religion, or speak their mind, or love who they choose,” Cook said. “If those of us in positions of responsibility fail to do everything in our power to protect the right to privacy, we risk far more than money … we risk our way of life.”
In his Re/code interview, Obama said Europe's concern about privacy for users of Facebook and Google are "more commercially driven than anything else." He said European companies that "can't compete with ours" are using the issue to try to put up "roadblocks" for U.S. tech firms.
American Express Co CEO Kenneth Chenault said there was ample room for improving cooperation against hacking.
Though the card issuer scans constantly for threats, Chenault said only 5 percent of the cases the company finds are already the subject of warnings from other members in the financial sector’s well-regarded Information Sharing and Analysis Center. Only 1 percent of the threats has already been flagged by the federal government.
“Information-sharing may be the single highest-impact, lowest-cost and fastest way to implement capabilities we have in hand as a nation to accelerate our overall defense,” Chenault said.
The White House wants businesses to exchange more information about any attacks as rapidly as possible.
While at Stanford, Obama signed an executive order aimed making that happen by promoting hubs where companies can share information with each other and with the Department of Homeland Security.
If emails hit employees at one company with a link to a website loaded with code that can give hackers access to the network, that company should feel free to warn its competitors without worrying about antitrust or privacy rules, the White House argues.
The administration would like to automate the process as much as possible, so that machines would be informed what malicious websites or email addresses to block within minutes.
"The information we want to be moving is the information on things that actually indicate malicious activity. And so that’s malware indicators, that’s indicators of compromise, that’s bad IP addresses," Michael Daniel, the White House’s cyber security coordinator, told reporters.
Obama's executive order is one step in a long effort to make companies as well as privacy and consumer advocates more comfortable with proposed legislation that would offer firms protection from being sued for handing over customer information to the government.
Some executives said cyber security issues were leading to greater fragmentation of global business, and that the private sector could not overcome that without more serious discussion between governments.
"There’s a protectionism developing," said Bank of America CEO Brian Moynihan. "You’ve got to store the data here, you’ve got to use these providers."