An important aspect of cybersecurity is the sharing of information between businesses and government entities. Collaboration on cybersecurity measures and being up-to-date on current data breaches facilitates a crucial shared understanding about the status of cybersecurity in the U.S. The idea is that if this information is shared, more can be done about potential hacks, and the continued conversation about security can include strategies to prevent future breaches.
So far this year, the U.S. government has been very vocal about its intentions to strengthen online security. In his State of the Union address on Jan. 20, President Obama emphasized the need to continue the conversation about cybersecurity and announced the need for federal legislation that would facilitate necessary information sharing. Then on Feb. 13, the President signed an executive order that stressed the importance of sharing cyberthreat knowledge between the private sector and federal agencies.
The White House has encouraged the development of private sector networks called Information Sharing and Analysis Organizations (ISAO) and Information Sharing and Analysis Centers (ISAC) to facilitate this transfer of knowledge. The main difference between these two kinds of sharing networks is that ISACs are industry-specific. According to the Department of Homeland Security, some small businesses don’t fit into available categories to join an ISAC and thus would be eligible to join an ISAO.
ISAO and ISAC use in the private sector
An important aspect of cybersecurity is the sharing of information between businesses and government entities. Collaboration between the public and private sector is a strategy the U.S. government hopes to use in order to help agencies and businesses deal with cyberthreats in as close to real time as possible. According to the DHS, sending information through an ISAO is crucial to help minimize or prevent threats to the public, the economy and government services. This information can also help predict where and when threats will appear in the future, reported The Wall Street Journal. For example, American Express announced before the Committee on Homeland Security and Government Affairs that the company received 5,000 cybersecurity alerts from the ISAC specific to financial services.
ISAOs are particularly helpful for small businesses, as companies unable to join industry-specific networks can have access to important cybersecurity knowledge. Network information sharing is also crucial because small businesses may not have the expertise or resources necessary to detect and combat cyberthreats on their own.
However information is transferred, it’s clear that in order to stay on top of the threats being levied against businesses and federal agencies alike, real-time data sharing is necessary.