Data sharing will top the agenda at today’s summit featuring US president Barack Obama and Apple chief executive Tim Cook, with the US leader due to sign an advisory order encouraging Silicon Valley to set up groups to circulate threat intelligence.
The event has incited controversy even before it kicks off, with Facebook, Yahoo and Google all turning down invitations. But what does it mean for the industry?
1. Executive order is a ‘key step forward’
When it comes to improving cybersecurity, greater sharing of data is one of the most common suggestions for the industry. In the past companies have been reluctant to let others know their weak spots, but increasing awareness of hacking is overturning the old dogma.
"With large-scale security breaches such as the recent Anthem attack continuing to happen, encouraging businesses and governments to share more threat intelligence would be a key step forward in mitigating the risks of web attacks, and reducing their impact," said Keith Bird, UK MD of internet security vendor Check Point.
"The better the threat intelligence organisations have access to, the better protected they will be against the latest attack methods."
2. But is threat sharing the real frontier?
The fact that data sharing has been a request from IT professionals for so long arguably means government is well behind the technology sector – which would not be the first time.
Jim Penrose, EVP of cyber intelligence, at security firm Darktrace, noted that agreement on the usefulness of threat intelligence was widespread, and that doing it would "make it harder cyber criminals to commit fraud and monetise the private information they steal".
"The real challenge for the industry and the government is how to detect new targeted attacks against key institutions and critical infrastructure when nobody has the ‘threat intelligence’ beforehand to know you are under attack," he said, adding that analysts should turn their attention to pioneering cyber-attacks instead of the old stuff.
3. Government intends to ‘circumvent security’
In the wake of the leaks from NSA whistleblower Edward Snowden it is understandable that some as suspicious of the intentions of the US government whenever it comes to cybersecurity.
"I think the summit is predicated towards the government wanting to circumvent security mechanisms," said Tim Gallagher, senior security analysis team engineer at Nuspire Networks. "I don’t believe it has anything to do with securing my mum’s home computer."
Yet despite his cynicism he does support more data sharing and believes "professionals and corporations should police each other" to secure cyberspace. "The biggest thing we need to be doing is sharing information and trends with security professionals."
4. Legislation may stumble on civil liberties
Trepidation about government intentions is not restricted to the cybersecurity industry in the US, and any legislation that Obama might try to use to improve the nation’s security could face hostility from the citizenry.
"The last bill failed on concerns about protecting Americans’ civil liberties, Said French Caldwell, chief evangelist at governance software firm MetricStream. "Any new legislation will need to address those concerns."
He added that a functioning cybersecurity law must focus on strategic risk, establish standards, including an auditing system and implement mechanisms around sharing data. "Effective security intelligence practices and enabling analysis of inter-related and correlated security information from various sources is required," he said.
