Pierluigi Paganini February 14, 2015

The US President Obama has recently announced a new Executive Order Promoting Private Sector Cybersecurity Information Sharing.

Cyber security is a primary goal for the President Obama’s administration, aligned with national cyber strategy, the American President has signed a new Executive Order to promote the sharing of cyber threat information among private sector organizations and government entities.

The information sharing is a key element in the fight against the principal cyber threats, only by knowing the tactics techniques and procedures (TTPs) related to threat actors is possible to mitigate their malicious actions.

“Rapid information sharing is an essential element of effective cybersecurity, because it enables U.S. companies to work together to respond to threats, rather than operating alone. This Executive Order lays out a framework for expanded information sharing designed to help companies work together, and work with the federal government, to quickly identify and protect against cyber threats.” states the Executive Order.

President Obama already urged cyber threat intelligence sharing with a previous executive order issued in February 2013.  2013 Executive Order highlighted the necessity to improve the information sharing process as part of a strategy to improve the Critical Infrastructure Cybersecurity.

This new Executive Order provides further details on information sharing, especially for the information exchange with the private industry.

“I am signing a new executive order to promote even more information sharing about cyber threats both within the private sector and between government and the private sector,” Obama explained at White House Summit on Cybersecurity and Consumer Protection in Stanford on Friday.

The Executive Order comes a few days after the announcement of the US Government to create a new Government Unit, the Cyber Threat Intelligence Integration Center, which is going to co-ordinate all the other Government units that work towards providing a more effective defence against cybercrime. The new center will fill the gaps that currently exist among the services, which lead to delays and miscomprehensions.

The Executive Order has highlighted the intent to protect the privacy and civil liberties by defining a common set of standards and protocols.

“So government can share with [private-industry] hubs more easily. It will make it easier for them to get classified cybersecurity threat information they need to protect their companies,” declared the President Obama.

The new Executive Order will encourage more private companies to set up hubs dedicated to threat information sharing with peers and government agencies, it was prepared with the following goals:

• Encouraging Private-Sector Cybersecurity Collaboration
• Enabling Better Private-Public Information Sharing
• Providing Strong Privacy and Civil Liberties Protections
• Paving the Way for Future Legislation

The US Government is also planning to create a new agency dedicated to cyber security in response to the growing number of cyber attacks American firms like Sony and JP Morgan.

I invite you to give a look to the Executive Order document.

Pierluigi Paganini

(Security Affairs –  Executive Order, President Obama)