The Business Roundtable, the association of 210 chief executive officers whose companies account for more than $7.3 trillion in annual revenues and 16 million employees, today said that cyberthreats to their businesses have become so severe, a new way of sharing real time security information needs to be set up among companies and with the U.S. government.
"Cybersecurity threats from nation states and other well-funded, motivated actors present risks that neither the public nor the private sector can unilaterally address," the Business Roundtable executives stated in their report entitled, "More Intelligent, More Effective Cybersecurity Protection." They noted that "formidable criminals are systematically stealing intellectual property through cyber theft" and "even more dangerous adversaries are developing tools and capabilities to disrupt critical services that support the world's economy, security and public safety."
In its report, the group, whose CEOs hail from large companies that include Wal-Mart, ExxonMobil Corp., Proctor & Gamble, Dow Chemical, General Electric and others, said they have united around a proposal that calls for an unprecedented level of information-sharing between each other and the U.S. government for protection.
But the CEOs say to do this, some legal hurdles will have to be overcome, such as finding ways to obtain satisfactory liability, antitrust and freedom of information protections that would likely involve cooperation from Congress and the White House.
The Business Roundtable proposal includes ideas such as:
- Authorize and create two-way information sharing to actively exchange reports on imminent threats, response actions and situational awareness as well as deliver threat assessments, such as National Intelligence Estimates.
- Increase law enforcement capabilities to disrupt, apprehend and prosecute cyber criminals
- Position the public and private sectors to collaborate on cybersecurity vat strategic and operational levels.
- To effectively act on threat information provided by the government, private-sector companies will have to work across their respective enterprises. As a result, the government must not only increase the number and level of security clearances within the private sector but also strive to share information that is classified at the lowest possible level to ensure that companies are able to share threat information with corporate stakeholders responsible for taking appropriate action.
- Processes for real-time collaboration on the technical level between government and industry should also be established to address "serious risks."
"The companies are highly motivated to address this," says Liz Gasster, vice president at the Washington, D.C.-based Business Roundtable, about what she says is an unprecedented step by the CEOs of the Business Roundtable to publicly put forth a proposal to address cyberthreats.
The report and the proposal originated with the Business Roundtable's information and technology committee headed up by MasterCard CEO and President Ajay Banga, and the report out today was approved by all 210 CEOs at a meeting in December.
Sign up for CIO Asia eNewsletters.