You may have heard that President Obama signed an Information Sharing Order at a cybersecurity summit held at Stanford University on February 13. The policy as stated was put forth “In order to address cyber threats to public health and safety, national security, and economic security of the United States, private companies, nonprofit organizations, executive departments and agencies (agencies), and other entities must be able to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible.” (Executive Order — Promoting Private Sector Cybersecurity Information Sharing, The White House).
The Summit brought together leaders from across the country who have a stake in this issue – industry, tech companies, law enforcement, consumer and privacy advocates, law professors who specialize in this field, and students – to collaborate and explore partnerships that will help develop the best ways to bolster our cybersecurity. In particular, they collaborated on information sharing and improving adoption of more secure payment technologies.
If you think about it for a moment, infrastructure and cybersecurity go hand in hand. Cyberspace touches every part of our daily lives; our schools, our hospitals, our supply chains, all depend on cyberspace; every critical infrastructure in America requires cybersecurity.
In part, this Summit and the President’s order regarding information sharing relies on an educational pillar, “shaping a cyber-savvy workforce.” (http://www.whitehouse.gov/cybersecurity). As stated on the Cybersecurity Foreign Policy page, “the federal government is partnering with the private sector and academia to encourage and support the innovation needed to make cyberspace inherently more secure.”
UMass has for years participated in many information sharing formats. Internally between campuses, collaborating on Cybersecurity month events and establishing the University Information Security Operations Center. We share information externally, as well, whether between the varying campuses and their vendors and respective supply chain components or through the coordination of a Cross-College Information Security Training.
Vertical and horizontal relationships have been built where cybersecurity has been a possible concern. The CEO of Palo Alto Networks has recently announced the Cyber Threat Alliance where vendors are making united efforts in the fight against sophisticated cyber adversaries. (http://www.cyberthreatalliance.org/ ). The University of Massachusetts has developed a Cybersecurity Task Force and preliminary task force report.
- Michael Daniel, CyberSecurity Coordinator at the White house, stated “We’re not going to solve all of the really sophisticated actors or defeat all the advanced persistent threats just by increasing information sharing. But we have seen industries that have increased their information sharing—such as in the financial services industry—and that does make a meaningful difference in being able to cut out a lot of the low-level attacks and intrusions. When you do that, then you can focus your humans on the more sophisticated intruders. I see this as a sort of baseline for us just to stay in the game” (“Nine Takeaways from the White House Cyber Security Summit,” eWeek.
Since 2003, the cybersecurity information sharing initiative among higher education institutions has been strong. The REN-ISAC serves colleges and universities, teaching hospitals, research and education network providers, and government-funded research organizations. “Today’s Executive Order will encourage additional information sharing with new partners, allowing greater information flow between organizations and cybersecurity professionals,” said REN-ISAC Executive Director Kim Milford. “REN-ISAC will leverage this sharing, bringing even greater benefit to the R&E community and other cybersecurity organizations and professionals.” (Safety Matters, Indiana University).
The Department of Homeland Security, , which operates on a continuing resolution for some time now, and the continuing resolution is due to expire on February 27th, 2015, also has a great role to play in helping orchestrate all of this through other federal agencies support and collaboration provided Congress approves their budget. Their budget and the three bills Federal Information Security Modernization Act, National Cybersecurity Protection Act, DHS Cybersecurity Workforce Recruitment and Retention Act will enable our federal government to help support these information sharing initiatives like REN-ISAC and the others to be more cohesive, collaborative, and successful.