Obama moves to counter CEOs resistance to cybersecurity rules

SEATTLE — How do you get busy chief executives from a cross section of industry giants into one room, on short notice, to discuss cybersecurity?

Have the U.S. Justice department disclose data theft of top celebrities, assign two top U.S. security officials to testify before Congress about rising cyber threats – and then ask the corporate captains to show up at the White House for a presidential briefing.

That’s what the Obama administration did this week – and it worked.

On Wednesday, 13 CEOs dutifully adjusted their busy schedules to travel to the White House Situation Room for what was described as a “two-way” exchange of information between the president and the chief executives.

In attendance were CEOs from AT&T, Exxon Mobil , Bank of America, JP Morgan Chase, United Parcel Service, Xerox, Siemens, Northrop Grumman, Marathon Oil, Honeywell International, American Electric Power Company, ITT Exelis, and Frontier Communications.

They came after testimony at a Senate hearing on Tuesday from Army Gen. Keith Alexander, the director of the National Security Agency, and James Clapper, the Director of National Intelligence, describing the prevalent nature of network breaches by data thieves and cyberspies.

President Obama sought to grab the full attention of the CEOs and put a stop to petty resistance to his recently-issued executive order designed to get the federal government and private companies working more closely to protect the nation’s critical infrastructure against cyberattacks.

That executive order became necessary because private industry successfully stalled the passage of proposed cybersecurity legislation, which the White House contends is still needed.

Paller

Senate testimony from Alexander and Clapper “made the issue urgent,” says Alan Paller, research director at security training firm The SANS Institute.

“The CEOs have a position that says ‘government cannot tell us a thing about securing ours systems,” Paller says. Even so, corporate networks “are being penetrated multiple times every day and they generally cannot find how far the infections have spread nor eliminate the infections,” he says.

Paller adds: “Even if the government shared active threat data, most of the large companies do not have the systems and people in place to act on the government threat data fast enough to protect their systems.”

Howard Schmidt, former White House cybersecurity adviser during Obama’s first term, says the meeting — set in the venue for dealing with national and global crises — was helpful.

“It’s an important dialogue to have and an important partnership given the growing sophistication of cyber attacks,” says Schmidt, a partner in Ridge Schmidt Cyber and executive director of the professional group, SAFECode. “”Cyber security is much more than a tech issue. It’s a business issue, a policy issue, a national security issue. We’re only going to be able to address this threat if business and government works together.”

Schmidt contends that “every leader in the c-suite needs to be focused on cybersecurity. The kind of attacks we’re seeing at present are growing in sophistication and damage every day. This is a critical time for CEOs to be layering in security measures to reduce risk so that their organizations can be resilient.”