Obama’s executive order calls for sharing of security data

President Barack Obama signed an executive order on Friday designed to spur businesses and the Federal Government to share with each other information related to cybersecurity, hacking and data breaches for the purpose of safeguarding U.S. infrastructure, economics and citizens from cyber attacks. He signed the order in front of an audience at Stanford University during his keynote address for the White House’s Summit on Cybersecurity and Consumer Protection.

Obama’s speech started off relatively light-hearted with the President pointing out how much technological innovation could be traced back to Silicon Valley and Stanford and even joking that the big webscale companies of Yahoo and Google “were pretty good student projects.”

Things took a turn to the dark side, however, with Obama segueing into the devastation that modern-day technology can bring as exemplified by the major data breaches we’ve seen at Sony Pictures Entertainment and insurance provider Anthem.

The new executive order is supposed to help nullify future attacks with the idea that companies have information related to data breaches that could be helpful to the Federal Government and vice versa.

“So much of our computer networks and critical infrastructure are in the private sector, which means government can’t do this alone,” Obama said. “But the fact is that the private sector can’t do it alone either, because it’s government that often has the latest information on new threats.”

With the new executive order, Obama wants both the private and public sector to create hubs where they can trade information with each other and respond to threats “in as close to real time as possible,” according to the executive order.

Obama insisted at several points throughout his speech (and in the executive order itself) on the need to balance privacy concerns with national security concerns, a hot topic that has privacy advocates worried that giving government access to business and personal data will lead to intelligence agencies overstepping their boundaries.

“I have to tell you that grappling with how the government protects the American people from adverse events, while at the same time making sure that government itself is not abusing its capabilities, is hard,” said Obama.

Indeed, this delicate line between privacy and security led to senior executives from Google, Yahoo and Facebook declining to attend the security summit. It’s no secret there’s been bad blood between these companies and the U.S. government ever since the leaked Edward Snowden documents detailed the government’s data-collection methods as they relate to the tech giants.

Ironically, Facebook earlier this week revealed its own collaborative threat-detection framework dubbed ThreatExchange, whose purpose is to provide an online hub (hosted by Facebook, of course) where companies can exchange security-related information in order to prevent further data breaches and hacks. Among the companies participating with Facebook on the project are Pinterest, Tumblr, Twitter and Yahoo.

While ThreatExchange allows the trading of security data, it’s probably not exactly what the U.S. government is looking for since it’s only available for businesses to tap into.

Whether the private sector wants to voluntarily disclose more information to the U.S. government in the name of security remains to be seen, but for the time being, it’s looking like companies are at least open to sharing information with each other sans government.

Leading Democratic congressman wants to bring back CISPA

Dutch Ruppersberger, a U.S. congressman for Maryland and a top-level Democrat on the House Intelligence Committee, plans to revive the Cyber Intelligence Sharing and Protection Act (CISPA) this Friday, The Hill reported. The move comes in response to the hack on Sony Pictures Entertainment, which the FBI has been blaming on North Korea. Although the bill, a source of contention for privacy advocates when it was first introduced, was passed by the U.S. House of Representatives in 2012, the Senate decided to not vote on it in 2013. “The reason I’m putting bill in now is I want to keep the momentum going on what’s happening out there in the world,” Ruppersberger told The Hill.

FBI: North Korea “got sloppy” with IP addresses in Sony hack

The FBI continued to insist Wednesday that North Korea was responsible for hacking Sony Pictures Entertainment, the Associated Press reported. FBI Director James Comey said at a New York cybersecurity conference that North Korea “got sloppy” when it attempted to use proxy servers that would mask the attacks.

Apparently, North Korea forgot to conceal some of its activities with the proxy servers, which resulted in the FBI discovering messages that were linked to IP addresses that North Korea “exclusively used,” Comey said.

When North Korea realized it made a mistake, it rectified the situation, but Comey said it was too late and the FBI “saw where it was coming from,” reported Wired.

The Sony data breach is also linked to North Korean-developed malware, which the isolated nation supposedly used to break into South Korean banks last year, he said.

While Comey shared a few more tidbits into the Sony hack, he was hesitant to go into greater detail on how exactly the U.S. was able to pinpoint North Korea as the culprit beyond what he said because the U.S. has to “preserve our methods and sources.”

This will undoubtedly not please the security experts who have been raising concerns about the U.S. government’s story that North Korea was responsible, claiming the little evidence the FBI has shown so far does not prove its case. Security firm Norse Corp. recently showed the FBI its own forensics on the Sony hack, which the FBI reportedly brushed aside.

Addressing the skeptics, Comey said during the cybersecurity conference, “They don’t have the facts I have.”

Again, this seems to be a “take us at our word” situation with the FBI holding the details and releasing the occasional nugget of information to appease naysayers. It’s safe to say there’s been no smoking gun released so far.

Citing cybercrime, Obama unloads sanctions on North Korea

The United States is laying down additional economic sanctions on North Korea courtesy of an executive order issued by President Obama on Friday. The sanctions come in response to the U.S. Federal Bureau of Investigation’s decision to blame North Korea for the colossal hack against Sony Pictures Entertainment.

As part of the executive order, the U.S. Department of the Treasury singled out three North Korean entities, including the North Korean intelligence agency known as the Reconnaissance General Bureau, and ten individuals as “being agencies or officials of the North Korean government,” according to a U.S. Department of the Treasury announcement on the sanctions.

Among the ten individuals the Treasury Department lists are several North Korean government officials who represent the Korea Mining Development Trading Corporation, North Korea’s arms dealer, in countries including Iran, Russia and Syria.

“Today’s actions are driven by our commitment to hold North Korea accountable for its destructive and destabilizing conduct,” said Secretary of the Treasury Jacob J. Lew in the announcement.

The sanctions are the latest to hit North Korea, whose rogue behavior (on nuclear testing, for example) has earned multiple economic sanctions from the U.S. (and other countries) in recent years.

What makes these new sanctions stand out is the fact that they are attributed to North Korea’s alleged large-scale data breach as opposed to more common reasons for economic sanctions like human rights violations or war crimes.

While the U.S. has been gung-ho in saying North Korea is to blame for devastating Sony, several security experts have been disputing the FBI’s claims. The FBI has reportedly been meeting with security companies to discuss the possibility that North Korea was not responsible, but apparently the bureau has not been swayed by what it’s hearing.

The Daily Beast reported that security firm Norse Corp. recently presented to the FBI its own findings into the Sony hack that supposedly debunked claims that North Korea helmed the attack; the FBI apparently waved it off.

“They basically said thanks a lot and shook our hands and took off,” Kurt Stammberger, a Norse senior vice president, told The Daily Beast.

Kim Dotcom wants to take his Internet Party to the U.S.

Controversial internet entrepreneur Kim Dotcom is getting ready to take his political ambitions stateside. Dotcom announced on Twitter Monday that his Internet Party is going to launch in the United States in 2015.

Neutral no more

Now that Barack Obama has put his clear personal stamp on net neutrality, even Republicans who wouldn’t know Title II from the Tidal Basin will be utterly, eternally and vocally opposed to reclassification.