On February 12th, a day before the White House held a cybersecurity summit at Stanford University, President Obama signed an Executive Order to “encourage and promote sharing of cybersecurity threat information within the private sector and between the private sector and government.”
The Executive Order consists of two major parts: encouraging private-sector cybersecurity collaboration and enabling better private-public information sharing.
Encouraging Private-Sector Cybersecurity Collaboration
The Executive Order supports the creation of information sharing and analysis organizations (ISAOs) to facilitate information sharing within the private sector as well as the government. These organizations can be organized around geography or type of business, or formed within a business that wants to share with its employees and consumers, or its partners. The key here is to encourage discussion and collaboration around the fight against data breaches. The Executive Order also calls for the Department of Homeland Security to develop voluntary guidelines and standards for these ISAOs to follow, to make that collaboration smoother and easier.
Enabling Better Private-Public Information Sharing
This portion of the Executive Order has the Department of Homeland Security streamlining the process of setting up sharing agreements between ISAOs and the National Cybersecurity and Communications Integration Center (NCCIC). The NCCIC works on the prevention and mitigation of cybersecurity threats on a national scale, so facilitating partnerships between private information sharing networks and the NCCIC will hopefully increase the effectiveness of this organization.
Perhaps the most compelling piece of this order is the ability for the Department of Homeland Security to approve classified information sharing agreements, with the intention of providing ISAOs access to classified cybersecurity threat information. This incentivizes the creation of ISAOs by giving their members access to key intelligence on current threats that could help them secure their own networks.
This order helps pave the way for additional cybersecurity legislation and should complement, in particular, the data breach notification legislation that House and Senate subcommittees are currently working to draft.