This post first appeared at Policy@Intel on March 9.
In an effort to accelerate cyber information sharing, and in response to a presidential executive order, the Department of Homeland Security recently announced the formation of the Information Sharing and Analysis Organization (ISAO) Standards Organization. The organization comprises six working groups, and I’ve been appointed chair of the Information Sharing Working Group. For those not familiar with the ISAO effort, it had its genesis in February 2015 as part of President Obama’s Executive Order 13691, “Promoting Private Sector Cybersecurity Information Sharing,” which directed the DHS to fund the enabling of a nongovernmental organization that would identify a set of voluntary standards and guidelines for the creation, operation, and functioning of cyber sharing and analysis. The intent is to expand the current sector-based model (financial, health, energy, etc.) of Information Sharing and Analysis Centers, enabling the development of innovative types of threat information sharing organizations using standard, consistent interoperable interfaces and data formats. Although this effort is in the very early stages, it is establishing the foundational guidance that will drive the evolving cyber threat intelligence sharing and analysis ecosystem.
Information sharing is crucial because cybersecurity is a shared problem. We must make sure one organization’s detection is a community’s prevention. Most businesses today don’t have cybersecurity as their primary mission. This puts the onus on the private sector to contribute to and use trusted, shared intelligence—ultimately augmenting and enhancing our collective security defenses.
As chair of the Information Sharing Working Group, I hope we can establish the use of standards, procedures, and practices that allow for more interoperability among differing types of sharing organizations. I’d also like to see the guidance we develop become useful not only in the United States but globally. Cyber threats are not simply a US problem; what we develop should be equally useful outside our borders. As such, the working group will be focused on:
- Developing guidance, procedures, and standards for data from internal and external sources.
- Analysis of threat, vulnerability, and incident data sharing information within ISAO to its members.
- Operational architectures and protocols for sharing information.
Both Intel and McAfee are participating in multiple ways and on multiple working groups. In addition to my chairmanship of the Information Sharing Working Group, company representatives will participate on the core development teams for other working groups of ISAO.
Intel and McAfee are heavily invested in the development of industry-wide standards that will increase information sharing between and within the public and private sectors while ensuring the appropriate privacy protections are in place. I look forward to chairing this working group. I trust we will make tremendous strides in the development of processes and procedures to further enhance information sharing that will evolve and improve the cyber threat intelligence sharing and analysis ecosystem.