Last week, President Obama issued an executive order promoting cybersecurity information sharing. Specifically, the executive order directs the Secretary of Homeland Security to encourage the development and formation of Information Sharing and Analysis Organizations (ISAO). The Secretary of Homeland Security is directed to enter into an agreement with a nongovernmental organization to serve as an ISAO Standards Organization, which will identify a common set of voluntary standards or guidelines under which ISAOs should operate. In addition, the order instructs the National Cybersecurity and Communications Integration Center to collaborate with ISAOs to identify cybersecurity risks and strengthen information security systems. This order builds on a previous executive order issued in February 2013 that increased information sharing between the government and the private sector (see our coverage here). It also complements the administration’s proposed cybersecurity legislation to facilitate information sharing.
Information sharing is increasingly regarded as one of the best defenses against data breach. Many businesses already affiliate with industry groups that aggregate and distribute information on cyber threats facing the industry. Last year, the Department of Justice and the Federal Trade Commission released a joint policy statement (discussed further here) announcing that “properly designed sharing of cybersecurity information should not raise antitrust concerns.” Increased information sharing on cybersecurity issues will provide businesses with better tools to defend against cyber threats.