As Mark MacCarthy, SIIA VP of Public Policy, wrote in a column last week, when it comes to Cybersecurity: Sharing is Caring! Information sharing on known cyber threats and vulnerabilities is the most critical component to prevent and mitigate attacks. When a company detects a breach, a crucial next step is to immediately let other companies and government agencies know about it right away. If one company is under attack, it is likely that other enterprises and institutions are also vulnerable. But without timely warnings, organizations have no ability to prepare their own defenses and team up to prevent the spread of attacks.
Today, at a White House Summit on Cybersecurity, President Obama echoed this message and signed an Executive Order (EO) to enhance the culture of cyber info. sharing. Specifically, the EO would promote the creation of information sharing and analysis organizations, (ISAOs) to serve as central points to share information on particular threats and in specific regions. The EO also encourages the development of voluntary standards to which these organizations to comply, and it gives DHS and new National Cybersecurity and Communications Integration Center (NCCIC) the authority to share threat data with the information hubs. Importantly, the EO also seeks to provide companies easier access to classified cybersecurity data.
SIIA applauds the President’s commitment to improving cybersecurity threat information sharing, and these helpful contributions to that goal.
The next step is legislation that provides companies with targeted and appropriate liability immunity would provide an incentive to companies to reveal vulnerabilities and threats. Cyber security is a unanimous, bipartisan national priority. SIIA urges Congress to move with all deliberate speed to enact legislation to complete this process.