The Cybersecurity Act of 2015 and multiple cybersecurity Executive Orders on information sharing have encouraged the establishment and expansion of industry-wide information sharing and analysis organizations (such as the Financial Services Information Sharing and Analysis Center) while also attempting to foster more information sharing between private sector companies (such as critical infrastructure owners and operators) and the federal government.  How successful have these information sharing efforts been, and what steps can be taken to further enhance the cybersecurity ecosystem as a result?

Mary Ellen Callahan, Privacy and Cybersecurity Attorney
Megan Stifel, Cybersecurity Policy Director, Public Knowledge
Leonard Bailey, Special Counsel, U.S. Department of Justice

Room 402-404

Readings:

Cybersecurity Information Sharing Act of 2015:

 

Consolidated Appropriations Act, 2016, Public Law 114-113at Division N, Title I the Cybersecurity Information Sharing Act of 2015: https://www.gpo.gov/fdsys/pkg/PLAW-114publ113/html/PLAW-114publ113.htm

 

Federal Materials:

 

Materials on the Department of Homeland Security, US-CERT, Automated Indicatory Sharing

https://www.us-cert.gov/ais

 

Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government Under the Cybersecurity Information Sharing Act of 2015 (February 2016): https://www.us-cert.gov/sites/default/files/ais_files/Federal_Government_Sharing_Guidance_%28103%29.pdf

 

Privacy and Civil Liberties Final Guidelines: Cybersecurity Information Sharing Act of 2015 (June 2016): https://www.us-cert.gov/sites/default/files/ais_files/Privacy_and_Civil_Liberties_Guidelines_%28Sec%20105%28b%29%29.pdf

 

Updated CISA FAQs, 2017(Department of Homeland Security and Department of Justice) (https://www.us-cert.gov/sites/default/files/ais_files/CISA_FAQs.pdf)

 

Presidential Executive Order on Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure, May 2017: https://www.whitehouse.gov/the-press-office/2017/05/11/presidential-executive-order-strengthening-cybersecurity-federal

 

Information Sharing and Analysis Organization Standards Organization (ISAO SO) Materials:

 

ISAO SO publication: Introduction to Information Sharing (October 2016) : ISAO-300-1-Introduction-to-Information-Sharing-v1-01_Final.pdf

 

ISAO SP 4000: Protecting Consumer Privacy in Cybersecurity Information Sharing v1.0 (July 2017): https://www.isao.org/products/isao-sp-4000-protecting-consumer-privacy-in-cybersecurity-information-sharing-v1-0/

Leonard Bailey

Special Counsel
US Department of Justice

Mary Ellen Callahan

Privacy and Cybersecurity Attorney

Megan Stifel

Cybersecurity Policy Director
Public Knowledge