Will Information Sharing Improve Cybersecurity or Perpetuate ‘Insecurity’?

President Barak Obama continues to roll out his cybersecurity agenda. On February 13, 2015 the President signed an Executive Order intended to promote information sharing regarding cyber threats impacting the private sector.

The President signed the order at the White House Summit on Cybersecurity and Consumer Protection in Palo Alto, California. “There’s only one way to defend America from these cyber threats and that is through government and industry working together, sharing appropriate information as true partners,” he remarked.

To quickly identify and protect against cyber threats, the Executive Order lays out a framework for expanded information sharing via information sharing and analysis organizations (ISAOs). As the President described when first announcing his cybersecurity initiatives, the new entities will serve as focal points for cybersecurity information sharing and collaboration within the private sector and between the private sector and government.

Under the plan, ISAOs will alert businesses about potential threats while also collecting information from the private sector about cyberattacks or data intrusions. The new organizations can be private or public organizations, or consist of a combination of the two. They may also be formed as for-profit or nonprofit entities.

The Department of Homeland Security’s National Cybersecurity and Communications Integration Center (NCCIC) will coordinate with ISAOs on the sharing of information related to cybersecurity risks and incidents. The Executive Order also directs the agency to fund the creation of a non-profit organization to develop a common set of voluntary standards for ISAOs.

While some criticize the Executive Order because it does not address providing businesses with a safe harbor when providing information about cyber risks, the White House maintains that it will “pave[] the way for new legislation, by building out the concept of ISAOs as a framework for the targeted liability protections that the Administration has long asserted are pivotal to incentivizing and expanding information sharing.”

Despite the absence of liability protection at this time, several large corporations, including Apple, Intel, and Pacific Gas and Electric Co., have already committed to the plan. As American Express Co. CEO Kenneth Chenault stated during the White House Summit, “[i]nformation sharing may be the single highest-impact, lowest-cost and fastest way to implement capabilities we have in hand as a nation to accelerate our overall defense.”

Do you have any feedback, thoughts, reactions or comments regarding Obama’s Executive Order or his cybersecurity agenda in general? Feel free to leave a comment below and follow the twitter accounts @CyberPinguelo, @eWHW_Blog, @S_H_Law. If you have any questions about this post or would like assistance with your data security efforts, please contact me, Fernando M. Pinguelo or the Scarinci Hollenbeck attorney with whom you work.