President Signs Executive Order for Unity in Cybersecurity

Executive Order to Promote Cyberthreat Info Sharing

Key Takeaway: President Obama, last Friday, signed an executive order to promote more information sharing about cyberthreats – both within the private sector and between the government and private sector.

Why it Matters: This is the latest in a series of steps taken by the Obama administration to focus on cybersecurity, going back to February 2013. When viewed alongside congressional efforts, there appears to be consensus on a number of items – including the need to bolster information sharing organizations and develop information sharing protocols.

Last week, President Obama signed an executive order (EO) promoting private sector cybersecurity information sharing during the first White House summit on Cybersecurity and Consumer Protection at Stanford University.  According to the EO, “The purpose of this order is to encourage the voluntary formation of such organizations, to establish mechanisms to continually improve the capabilities and functions of these organizations, and to better allow these organizations to partner with the Federal Government on a voluntary basis.”

The main provisions of the EO direct the Department of Homeland Security to encourage the development and formation of private-sector or non-profit sector Information Sharing and Analysis Organizations (ISAOs) and task the National Cybersecurity and Communications Integration Center (NCCIC) with coordinating ISAOs. A second provision of the EO tasks the Secretary of Homeland Security with entering into an agreement with a nongovernmental organization to serve as the ISAO Standards Organization, which “shall identify a common set of voluntary standards or guidelines for the creation and functioning of ISAOs under this order.” The Standards Organization is tasked to develop:

  • Standards to further robust information sharing related to cybersecurity risks and incidents with ISAOs and among ISAOs and to foster development and adoption of automated mechanisms for information sharing;
  • Baseline standards that ISAOs should possess and be able to demonstrate;
  • The standards will also touch on contractual agreements, business processes, operating procedures, technical means, and privacy protections, such as minimization, for ISAO operation and ISAO member participation.