The Federal Register has the original solicitation where DHS is requesting public comments regarding Information Sharing and Analysis Organizations:
On February 13, 2015, President Obama signed Executive Order 13691 intended to enable and facilitate “private companies, nonprofit organizations, and executive departments and agencies . . . to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible.” The order addresses two concerns the private sector has raised:
- How can companies share information if they do not fit neatly into the sector-based structure of the existing Information Sharing and Analysis Centers (ISACs)?
- If a group of companies wants to start an information sharing organization, what model should they follow? What are the best practices for such an organization?
ISAOs may allow organizations to robustly participate in DHS information sharing programs even if they do not fit into an existing critical infrastructure sector, seek to collaborate with other companies in different ways (regionally, for example), or lack sufficient resources to share directly with the government. ISAOs may participate in existing DHS cybersecurity information sharing programs and contribute to near-real-time sharing of cyber threat indicators.
This effort in support of President Obama’s recent Executive Order 13691 with the goal of creating a public/private industry/government information sharing partnership. The only way to fight malicious attackers is to share threat data.
Hopefully the government comes to their senses and restrains from classifying every last little iota of cyber threat information they touch. Like a young child who can reach the cookie jar when Mom isn’t looking, sadly, I doubt the US government will keep the data unclassified.