The feds are gearing up to share proactively in an effort to build trust across the layers of governmental entities, and across the public-private sector divide — and it will ultimately enable more productive sharing and communication among state and local governments.
For the federal government, 2015 is quickly turning into the year of cybersecurity. Though heralded with less fanfare, it’s also the year of cybersecurity for the state and local market. That’s because the feds are pushing cyberthreat information-sharing among companies and among governments, spanning the public and private sectors.
The feds are gearing up to share proactively in an effort to build trust not only across the layers of governmental entities, but also across the public-private sector divide. With only a couple of exceptions, states and municipalities should have a definite interest in being in the loop. For example, a cyberattack that creates a blackout will involve everyone, just like a power outage caused by a natural disaster.
Recently, President Obama signed an executive order at a Silicon Valley cybersummit that brought more focus to the goal of threat information-sharing. It specifically references “owners and operators of critical infrastructure, relevant agencies, and other public- and private-sector stakeholders,” encouraging the establishment of Information Sharing and Analysis Organizations (ISAOs). These ISAOs “may be organized on the basis of sector, subsector, region or any other affinity,” including a shared threat. So while expanding the scope of sharing, it also improves the ability for threat sharing to occur across all stakeholders, including state and local governments.
The administration launched another new initiative to improve its own sharing. A creature of the intelligence community, the Cyber Threat Intelligence Integration Center will make sure structures within Homeland Security and at U.S. Cyber Command have intelligence-generated threat information for a complete picture. Michael Daniel, White House cybersecurity coordinator, says this is the government getting its wiring straight. More fundamentally, the feds are hoping to foster a framework of trust in which both public- and private-sector entities will want to share information in the hopes of mitigating cyberthreats.
This is not strictly a federal thing. For those in state and local government, this development should be embraced. An administration proposal “to codify mechanisms for enabling cybersecurity information sharing between private and government entities, as well as among private entities, to better protect information systems and more effectively respond to cybersecurity incidents” will enable more productive sharing and communication among state and local governments.
These are welcome policy and economic developments. Cyberbreaches over the past year have increased in frequency and damage, and they fulfill the dire predictions echoing around for years: Cyberbreaches cost real money and the loss of valuable intellectual property. Just ask Target, Sony and Anthem.