Obama, Top CEOs Meet on CybersecurityUnderstanding the Significance of the Situation Room Meeting
Mark March 13, 2013, as a day in the annals of history.
Most people will remember the date as the ascension of Cardinal Jorge Bergoglio to the papacy as Pope Francis. But for those of us who consider cybersecurity as vital for society's well-being, March 13 is an important date as well.
The administration goal likely was to change the norm on how U.S. corporations perceive cyber issues: that they have a problem, that it's okay to have a problem.
It's the day President Obama elevated to new heights the importance of cybersecurity as a national priority. Not since May 29, 2009, when with much fanfare in a White House ceremony, Obama unveiled his cyberspace policy [see The President's 10-Point Cybersecurity Action Plan], has the president given as much attention to cybersecurity.
The president started this March 13 with an appearance on ABC News' Good Morning America, where he called on Congress to enact cybersecurity legislation: "There are ways that we can harden our critical infrastructure, our financial sector. They need to get this done."
Midday, Obama met with the House Republican majority on their turf in the Capitol, and according to the White House press secretary, cybersecurity was on the agenda. By late afternoon, back at the White House in the Situation Room, the president met with 13 chief executives from major corporations to discuss the need for the federal government and industry - especially the mostly privately-owned critical infrastructures operators - to collaboratively battle the cyberthreat.
Sending a Strong Message
Don't doubt the significance of the president's day. At a time when most of the news emanating from Washington has focused on budget and deficit battles, immigration reform and gun violence, having the president devote so much time on cybersecurity sends a strong message about safeguarding the nation's digital assets.
The Obama administration, from the start, designated cybersecurity as a national priority. But except for that one day in May in his first year in office, the president hardly spoke about cybersecurity. Even during his re-election campaign, the candidates made scant reference to the issue [see Cybersecurity: Obama vs. Romney]. During the first four years of the Obama administration, the White House was actively promoting legislation and creating initiatives aimed at securing cyberspace. Still, visible leadership counts, and that relative silence by the president on cybersecurity left the impression that IT security wasn't as big of a deal as it should have been.
The March 13 emphasis on cybersecurity didn't come out of the blue. On Feb. 12, in his State of the Union address, Obama unveiled his executive order to have the government share classified cyberthreat information with critical infrastructure owners and institute a process for government and industry to develop IT security best practices that infrastructure owners could voluntarily adopt [see Obama Issues Cybersecurity Executive Order and State of the Union: Cybersecurity Word Count]. In subsequent weeks, top administration officials used public venues to tout the administration's cybersecurity objectives [see Daniel Sees Path to New Infosec Law], culminating on March 12 when Director of National Intelligence James Clapper designated the cyberthreat, not terrorism, as the No. 1 global threat.
Symbolism of the Venue
But the most impressive of Obama's activities on March 13 was his meeting with the 13 CEOs in the Situation Room. Don't discount the importance of holding the meeting in such a venue: it reinforces the message of the gravity of the cyberthreat.
What was discussed behind those closed doors? Here's the official White House readout of the meeting:
"This afternoon, a group of CEOs met in the Situation Room with senior White House and NSC [National Security Council] officials to discuss cybersecurity and the threat it poses to our economy and our security. The president joined this meeting to demonstrate the importance he and his administration place on the issue of cybersecurity. Today's meeting was part of the administration's ongoing dialogue with the private sector on cybersecurity.
"The president and the CEOs discussed the increasing cyber threats to our critical infrastructure and our economy. They discussed the efforts the U.S. Government is taking to address these threats, including diplomatic engagement and the president's recently signed executive order. The president and the CEOs discussed how the government and private sector can build on our cooperation to improve the nation's cybersecurity. And finally, they discussed the need for cybersecurity legislation to enable government and industry to more effectively address these cyber threats."
Who attended? Nicholas Akins, American Electric Power; Ursula Burns, Xerox; Wes Bush, Northrop Grumman; Clarence Cazalot, Marathon Oil; David Cote, Honeywell International; Scott Davis, United Parcel Service; James Dimon, JP Morgan Chase; David Melcher, ITT Exelis; Brian Moynihan, Bank of America; Eric Spiegel, Siemens; Randall Stephenson, AT&T; Rex Tillerson, Exxon Mobil; and Maggie Wilderotter, Frontier Communications.
It's Okay to Admit to a Problem
Christopher Bronk, a fellow in information technology policy at Rice University's James A. Baker III Institute for Public Policy, points out the CEOs represent nearly every important segment of the American economy, except Silicon Valley. "The administration goal likely was to change the norm on how U.S. corporations perceive cyber issues: that they have a problem, that it's okay to have a problem and that they must lead on solving the problem, as it likely has an impact on the bottom line of all the companies invited," Bronk says.
Leaving the meeting, JP Morgan Chase's Dimon, according to Bloomberg News, characterized the session as "very helpful, productive." Honeywell's Cote told Bloomberg News: "There is a consistent, persistent threat here that we need to be concerned about as a country. Just having this meeting, I think, was huge."
Since Obama became president, Congress has faltered, mostly along partisan lines, on enacting significant cybersecurity legislation. Among the biggest critics of his cybersecurity agenda has been big-business organizations such as the U.S. Chamber of Commerce, who oppose Obama's proposal of getting government involved in establishing IT security best practices that businesses could voluntarily adopt. The meeting with the CEOs was an end-run around the Chamber and its allies in Congress to get that legislation passed. It could work if all sides are willing to give a bit. Listen to what Cote told CNBC: "I think we all agreed - and that included the administration and the president - that we want as light a government touch on this as possible. Flexibility is important, because this is the kind of threat that changes very quickly."
If Congress enacts significant cybersecurity legislation this year, remember the happenings of March 13.