Study and considerations on Information Sharing and Analysis Organizations
A. Executive order 13691— promoting private sector cybersecurity information sharing
On February 13, 2015, President Obama signed Executive Order 13691—Promoting Private Sector Cybersecurity Information Sharing. Recognizing the need for an additional model to facilitate cybersecurity cooperation among the private and public sectors, academia, and other stakeholders, the executive order specifically called for the creation of Information Sharing and Analysis Organizations (ISAOs).
Having issued the executive order, the President implicitly charged the private sector, his executive agencies, Congress, and other stakeholders to work together to transform ISAOs from theory into practice. This effort by the U.S. government will include establishing a non-governmental organization to serve as the ISAO Standards Organization, which will build a voluntary set of guidelines for the creation and operation of ISAOs.
After consulting with various stakeholders, PwC convened a half-day summit of government, academic, industry, and other specialists in information-sharing and analysis. The summit’s purpose was to identify and refine best practices for information-sharing and analysis—practices that can inform both the ISAO Standards Organization (as it develops guidelines) and the Department of Homeland Security (DHS) and the White House as they continue to assist industry and foster development of ISAOs. The insights and outcomes of this summit, as well as from subsequent interviews with stakeholders, are summarized below.