Groups to push for encryption, secure payments at White House cyber summit

The White House will hear ideas for improvements at its first cybersecurity summit in Silicon Valley

The White House heads west to Silicon Valley on Friday looking for ideas on how to improve the nation's cybersecurity, and members of President Barack Obama's administration are likely to get an earful.

The White House's first-of-its-kind cybersecurity summit at Stanford University will feature remarks from Obama and from Apple CEO Tim Cook, but participants are likely to hear a range of ideas about how to improve cybersecurity at U.S. businesses.

Scheduled panel discussions will focus on improving cybersecurity practices at consumer-facing businesses, on using cybersecurity as a business advantage, and on promoting secure payments.

The use of encryption could be a sticking point during discussions. Obama administration members have voiced concerns in recent months about Apple and Google adding encryption functionality to smartphones running their operating systems. Officials at the FBI and Department of Justice say a larger number of encrypted smartphones will allow criminals to hide their activities from police.

It's unlikely that the Obama administration will push for encryption workarounds at the summit, said Kevin Bankston, policy director at the New America Foundation's Open Technology Institute digital rights group. Instead, Bankston said he expects Obama to promote encryption.

"We do hope he will use it as an opportunity to reaffirm the White House's recognition of encryption technology as a cornerstone of the modern Internet economy and a critical tool for the protection of privacy and cybersecurity," Bankston said.

Other cybersecurity experts and summit participants hope a variety of security tools will be highlighted there.

Participants need to focus on how to improve the sharing of cyberthreat information between businesses and government agencies, said Phil Smith, senior vice president of government solutions and special investigations at cybersecurity vendor Trustwave.

Some U.S. lawmakers and tech trade groups have pushed Congress for years to pass legislation that would protect from customer lawsuits businesses that share this data. But privacy groups have objected to past bills like the Cyber Intelligence Sharing and Protection Act [CISPA], saying it would allow businesses to share too much personal information with the government.

"Sharing cyberthreat information between law enforcement, government agencies and the private sector is imperative to protecting the citizens of our country against the latest cyberthreats and I hope the summit will focus on that message," Smith said by email.

Smith hopes the summit will include discussion on a cyberthreat sharing program that goes beyond a voluntary framework and has some "teeth" that sets up a protected environment for information sharing.

The summit should also push for new secure payment technologies, said Stephen Orfei, general manager of the PCI Security Standards Council, a payments standards group. The summit has a panel discussion on secure payments on its agenda.

Obama's emphasis on cybersecurity, along with recent high-profile cyberattacks, have "put data protection front and center on the national stage -- which is a good thing for payment security," Orfei said by email.

Orfei expects that EMV [Europay, MasterCard and Visa] chip technology for payment cards will be featured at the summit "for good reason," he said. "It will button down security at the point of sale."

But EMV chip, or chip-and-PIN, adoption will push hackers to attack other types of sales, including online transactions where the credit card isn't physically present, he said. "We know that no single technology can keep us completely safe," he said.

The U.S. also needs to push basic security controls, such as daily log monitoring and strong passwords, because it's "disturbing" how often those basic controls aren't being used, he said.

Meanwhile, the National Retail Federation, a trade group, called on Obama to push payment card vendors to adopt chip-and-PIN technology. The U.S. government should also provide fraud protection for debit cards, like it does for credit cards, and it should encourage point-to-point encryption across the U.S. payment system, the trade group said in a letter to Obama.

Grant Gross covers technology and telecom policy in the U.S. government for The IDG News Service. Follow Grant on Twitter at GrantGross. Grant's email address is grant_gross@idg.com.

Join the CSO newsletter!

Error: Please check your email address.

Tags tim cookNew America FoundationNational Retail FederationU.S. White HouseregulationKevin BankstonPhil SmithStephen OrfeiBarack ObamaPCI Security Standards CouncilStanford UniversityAppletrustwavesecuritygovernment

More about AppleDepartment of JusticeFBIGoogleIDGNewsStanford UniversityTechnologyTrustwaveVisa

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place