Private Sector Needs to Lead the Way On Information Sharing
Organizations engaged in the sharing of information related to cybersecurity risks and incidents play an invaluable role in the collective cybersecurity of the United States. www.certifiedisao.org
The private sector must take the lead in developing a new information sharing landscape. Government has provided the legislative and coordinating leadership across several Executive Orders and Presidential Directives. In addition, Government is working quickly to define “the role of Government” in a functional information sharing ecosystem.
The purpose of 2015 Executive Order (E.O.) 13691 “Promoting Private Sector Information Sharing” was to encourage the voluntary formation of cyber threat information sharing and analysis organizations (ISAOs). The vision of ISAOs is to establish/expand a mechanism to continually improve the capabilities and functions of these organizations, and to better allow them to partner with the Federal Government on a voluntary basis.
The ISAO E.O. seeks to expand the potential of information sharing by providing the flexibility and focus on collaboration required to detect and deal with issues specific to the represented “community.” ISAOs can make individual entities stronger by connecting them - from sharing knowledge of sightings and threats to working as a team on mitigation techniques. The implementation of ISAOs is an enhancement to the national critical infrastructure protection systems. For the owners and operators of business entities NOT considered critical infrastructure, the ISAO E.O. is the invitation and method to connect and expand their cyber capacity.
The Department of Homeland Security (DHS) engages in direct as well as indirect relationships with critical infrastructure owners and operators across the full spectrum of cybersecurity and communications resilience: threat and vulnerability detection, prevention, mitigation, and incident management. DHS focuses on activities encompassing threat and vulnerability mitigation, remediation, recovery, and reconstitution. However, a distributed, bottom-up approach to national resilience will truly help achieve measurable improvements in survivability, interoperability, and operational effectiveness under all conditions.
Executive Orders (EO), Presidential Policy Directives (PPD), and Framework to Strengthen Critical Infrastructure Cybersecurity
EO 13636 (Feb 2013) - Improving Critical Infrastructure Cybersecurity
PPD 21 (Feb 2013) - Critical Infrastructure Security and Resilience
(Feb 2014) - NIST Voluntary Framework
EO 13691 (Feb 2015) - Promoting Private Sector Cybersecurity Information Sharing