ISAO standards organization sets guidelines for sharing information


I want to congratulate the University of Texas at San Antonio (UTSA), in its capacity as the Information Sharing and Analysis Organization (ISAO) Standards Organization, for its outstanding work that resulted in the recent publication of four guidance documents in support of the creation and operation of ISAOs.

Executive Order (EO) 13691, issued in February of 2015, directed the Department of Homeland Security (DHS) to encourage the development and formation of ISAOs. Additionally, the EO required the department to select, through an open and competitive process, a non-governmental entity to serve as the ISAO Standards Organization. Through this process, DHS selected UTSA to serve as the ISAO Standards Organization with the purpose of identifying standards and guidelines for robust and effective information sharing and the widespread establishment of ISAOs. ISAOs go beyond critical infrastructure sectors and are formed on the basis of sector, sub-sector, region, or any affinity, including in response to particular emerging threats or vulnerabilities.

UTSA, in conjunction with its partners, engaged in a vigorous engagement process that gained public comments and feedback from more than 150 industry experts through online meetings, in-person forums and Request for Comment Periods for previous drafts. The results were considered and adjudicated in an open and transparent process using consensus-based development.

The recently released documents guide readers through the most critical considerations toward establishing a new ISAO. They identify laws and regulations for sharing cybersecurity information within the United States, particularly related to privacy and security concerns, and they describe the conceptual framework for sharing cybersecurity-related information that can facilitate information sharing.

As new ISAOs continue to form, the United States will gain new cybersecurity information sharing networks that will help to broaden cyber information sharing relationships. Establishing a broad network of ISAOs sharing information with each other and the federal government will change the game. If cyber indicators are shared broadly with DHS, it will drop a lot of the noise out of the system. It won’t eliminate sophisticated threats, but it will allow everyone to concentrate more on them by freeing up resources.

By working together, we can help protect each other from a wide variety of cyber threats and ultimately reduce the prevalence of cybersecurity compromises. Please visit the ISAO Standards Organization webpage for the publications and more information on the standards development process.

Copyright © 2016 IDG Communications, Inc.

7 hot cybersecurity trends (and 2 going cold)