DHS Invites Public Comments on Cybersecurity Information Sharing and Analysis Organizations

By Renee Dopplick, ACM Director of Public Policy
July 6, 2015

The U.S. Department of Homeland Security is accepting public comments on the establishment of new public-private organizations for cybersecurity information sharing. Comments are due July 10.

The new Information Sharing and Analysis Organizations (ISAOs) would be for-profit or nonprofit entities composed of public and private sector members. The organizations would coordinate the sharing of information related to cybersecurity risks and incidents.

The structure also would include a nongovernmental ISAO Standards Organization responsible for identifying voluntary standards and guidelines for the functioning of the ISAOs. The standards and guidelines would address contractual agreements, business processes, operating procedures, technical means, and privacy protections. The standards would be developed in consultation with relevant government entities.

Stakeholders are asked to provide comments on the following:

1. Describe the overarching goal and value proposition of Information Sharing and Analysis Organizations (ISAOs) for your organization.

2. Identify and describe any information protection policies that should be implemented by ISAOs to ensure that they maintain the trust of participating organizations.

3. Describe any capabilities that should be demonstrated by ISAOs, including capabilities related to receiving, analyzing, storing, and sharing information.

4. Describe any potential attributes of ISAOs that will constrain their capability to best serve the information sharing requirements of member organizations.

5. Identify and comment on proven methods and models that can be emulated to assist in promoting formation of ISAOs and how the ISAO “standards” body called for by E.O. 13691 can leverage such methods and models in developing its guidance.

6. How can the U.S. government best foster and encourage the organic development of ISAOs, and what should the U.S. government avoid when interacting with or supporting ISAOs?

7. Identify potential conflicts with existing laws, authorities that may inhibit organizations from participating in ISAOs and describe potential remedies to these conflicts.

8. Please identify other potential challenges and issues that you believe may affect the development and maturation of effective ISAOs.

Read the Federal Register announcement: Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations.

For additional information about the creation of ISAOs and their purpose, read Executive Order 13691 of February 13, 2015.