US Executive Order on Information Sharing: A Government Security Leader’s Perspective

Recently, US President Barack Obama signed a new Executive Order to promote cyber security information sharing. As a government security leader and member of ISACA’s Government Relations and Advocacy Committee, I believe that this directive was significant because it demonstrates that government leaders can take bold steps to improve our security posture without an act of Congress. Some may argue that without legislative edicts, the new voluntary information sharing framework lacks the teeth to be successful. But I wholeheartedly disagree. As a longtime voluntary member of the Multistate Information Sharing and Analysis Center (MS-ISAC), I know from firsthand experience the value proposition of being part of an information sharing community, even one that is voluntary. If they build it, people will come, because in today’s threat-laden world, prompt access to actionable intelligence is vital.

So what does the Executive Order do? First, it elegantly expands the existing sector-based ISAC model to include regional and other information sharing constructs. In the order, all information sharing groups are collectively rebranded as Information Sharing and Analysis Organizations (ISAOs). The Executive Order also positions the National Cybersecurity and Communications Integration Center (NCCIC) to serve as the epicenter of ISAO information sharing. And finally, the order requires the adoption of consistent information sharing standards to be used by all ISAOs. Additional details can be found in the FAQ document on the White House website.

The US Department of Homeland Security is now soliciting feedback as it works to build out this new and vital link in our national security ecosystem. I am proud to report that I am one security leader who plans to belly up to the bar to lend my support because the more that we collaborate, the more secure we all will be.

As a member of ISACA, I am interested to hear your thoughts on this very important Executive Order.

Christopher P. Buse, CISA, CISSP, CPA
Chief Information Security Officer, MN IT Services

[ISACA]