FACT SHEET: Executive Order Promoting Private Sector Cybersecurity Information Sharing

(Before It's News)

Today, President Obama will sign an Executive Order to encourage and promote sharing of cybersecurity threat information within the private sector and between the private sector and government. Rapid information sharing is an essential element of effective cybersecurity, because it enables U.S. companies to work together to respond to threats, rather than operating alone. This Executive Order lays out a framework for expanded information sharing designed to help companies work together, and work with the federal government, to quickly identify and protect against cyber threats.

Encouraging Private-Sector Cybersecurity Collaboration

Encourage the development of Information Sharing Organizations: This Executive Order encourages the development of information sharing and analysis organizations (ISAOs) to serve as focal points for cybersecurity information sharing and collaboration within the private sector and between the private sector and government. Information Sharing and Analysis Centers (ISACs) are already essential drivers of effective cybersecurity collaboration, and could constitute ISAOs under this new framework. In encouraging the creation of ISAOs, the Executive Order expands information sharing by encouraging the formation of communities that share information across a region or in response to a specific emerging cyber threat.  An ISAO could be a not-for-profit community, a membership organization, or a single company facilitating sharing among its customers or partners.

Develop a common set of voluntary standards for information sharing organizations: The Executive Order also directs the Department of Homeland Security to fund the creation of a non-profit organization to develop a common set of voluntary standards for ISAOs. Developing this baseline will enable ISAOs to quickly demonstrate their policies and security protocols to potential partners. This will make collaboration safer, faster, and easier, and ensure greater coordination within the private sector to respond to cyber threats.

Enabling Better Private-Public Information Sharing

Clarify the Department of Homeland Security’s authority to enter into agreements with information sharing organizations: The Executive Order also increases collaboration between ISAOs and the federal government by streamlining the mechanism for the National Cybersecurity and Communications Integration Center (NCCIC) to enter into information sharing agreements with ISAOs. This will ensure that robust, voluntary information sharing continues and expands between the public and private sectors. The administration intends this expanded sharing to complement existing effective relationships between government and the private sector.

Streamline private sector companies’ ability to access classified cybersecurity threat information: Classified threat information can often provide valuable context to network defenders and enhance their ability to protect their systems. The Executive Order adds the Department of Homeland Security to the list of Federal agencies that approve classified information sharing arrangements and takes steps to ensure that information sharing entities can appropriately access classified cybersecurity threat information.

Providing Strong Privacy and Civil Liberties Protections

The Executive Order ensures that information sharing enabled by this new framework will include strong protections for privacy and civil liberties. Private sector ISAOs will agree to abide by a common set of voluntary standards, which will include privacy protections, such as minimization, for ISAO operation and ISAO member participation. In addition, agencies collaborating with ISAOs under this order will coordinate their activities with their senior agency officials for privacy and civil liberties and ensure that appropriate protections for privacy and civil liberties are in place and are based upon the Fair Information Practice Principles.

Paving the Way for Future Legislation

The Executive Order also complements the Administration’s January 2015 legislative proposal, and paves the way for new legislation, by building out the concept of ISAOs as a framework for the targeted liability protections that the Administration has long asserted are pivotal to incentivizing and expanding information sharing. The Administration intends this proposal to complement and not to limit existing effective relationships between government and the private sector.

Source: http://www.whitehouse.gov/the-press-office/2015/02/12/fact-sheet-executive-order-promoting-private-sector-cybersecurity-inform

• Statement by the President on the Departure of Ron Klain
• Presidential Nominations Sent to the Senate
• Press Briefing by Press Secretary Josh Earnest, 2/18/2015
• FACT SHEET: Launching the Every Kid in a Park Initiative and Designating New National Monuments
• Vice President Biden and Dr. Jill Biden to Travel to Uruguay and Guatemala
• Obama’s “Fake War” Against The Islamic State (ISIS). The Islamic State is Protected by the US and its Allies
• Imam Obama defends “true peaceful nature of Islam”
• Remarks by the President in Closing of the Summit on Countering Violent Extremism
• FACT SHEET: The White House Summit on Countering Violent Extremism
• Jeff Rense & Gerald Celente – The Real Obama Surfaces 15 Minute Clip