FACT SHEET: Executive Order Promoting Private Sector Cybersecurity Information Sharing

FACT SHEET: Executive Order Promoting Private Sector Cybersecurity Information Sharing

Today, President Obama will sign an Executive Order to encourage and promote sharing of cybersecurity threat information within the private sector and between the private sector and government. Rapid information sharing is an essential element of effective cybersecurity, because it enables U.S. companies to work together to respond to threats, rather than operating alone. This Executive Order lays out a framework for expanded information sharing designed to help companies work together, and work with the federal government, to quickly identify and protect against cyber threats.

 

Encouraging Private-Sector Cybersecurity Collaboration

 

Encourage the development of Information Sharing Organizations: This Executive Order encourages the development of information sharing and analysis organizations (ISAOs) to serve as focal points for cybersecurity information sharing and collaboration within the private sector and between the private sector and government. Information Sharing and Analysis Centers (ISACs) are already essential drivers of effective cybersecurity collaboration, and could constitute ISAOs under this new framework. In encouraging the creation of ISAOs, the Executive Order expands information sharing by encouraging the formation of communities that share information across a region or in response to a specific emerging cyber threat.  An ISAO could be a not-for-profit community, a membership organization, or a single company facilitating sharing among its customers or partners.

Develop a common set of voluntary standards for information sharing organizations: The Executive Order also directs the Department of Homeland Security to fund the creation of a non-profit organization to develop a common set of voluntary standards for ISAOs. Developing this baseline will enable ISAOs to quickly demonstrate their policies and security protocols to potential partners. This will make collaboration safer, faster, and easier, and ensure greater coordination within the private sector to respond to cyber threats.

 

Enabling Better Private-Public Information Sharing

Clarify the Department of Homeland Security’s authority to enter into agreements with information sharing organizations: The Executive Order also increases collaboration between ISAOs and the federal government by streamlining the mechanism for the National Cybersecurity and Communications Integration Center (NCCIC) to enter into information sharing agreements with ISAOs. This will ensure that robust, voluntary information sharing continues and expands between the public and private sectors. The administration intends this expanded sharing to complement existing effective relationships between government and the private sector.

Streamline private sector companies’ ability to access classified cybersecurity threat information: Classified threat information can often provide valuable context to network defenders and enhance their ability to protect their systems. The Executive Order adds the Department of Homeland Security to the list of Federal agencies that approve classified information sharing arrangements and takes steps to ensure that information sharing entities can appropriately access classified cybersecurity threat information.

 

Providing Strong Privacy and Civil Liberties Protections

 

The Executive Order ensures that information sharing enabled by this new framework will include strong protections for privacy and civil liberties. Private sector ISAOs will agree to abide by a common set of voluntary standards, which will include privacy protections, such as minimization, for ISAO operation and ISAO member participation. In addition, agencies collaborating with ISAOs under this order will coordinate their activities with their senior agency officials for privacy and civil liberties and ensure that appropriate protections for privacy and civil liberties are in place and are based upon the Fair Information Practice Principles.

Paving the Way for Future Legislation

The Executive Order also complements the Administration’s January 2015 legislative proposal, and paves the way for new legislation, by building out the concept of ISAOs as a framework for the targeted liability protections that the Administration has long asserted are pivotal to incentivizing and expanding information sharing. The Administration intends this proposal to complement and not to limit existing effective relationships between government and the private sector.

Lover, Fighter, Friend, Journalist, and Activist.

Posted in Uncategorized

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

February 2015
M T W T F S S
« Jan   Mar »
 1
2345678
9101112131415
16171819202122
232425262728  
Blog Stats
  • 820,454 hits
Top Clicks
  • None
%d bloggers like this: