President Obama Issues Executive Order Urging Industry to Share Cybersecurity Information
We previously blogged about President Obama’s increased focus on privacy and data security issues. Consistent with that focus, on February 13, 2015, President Obama issued an Executive Order entitled, “Promoting Private Sector Cybersecurity Information Sharing.”
The Order urges companies to develop and join “Information Sharing and Analysis Organizations” (“ISAOs”), where members can share information related to cybersecurity risks and incidents to better prevent cyber threats. ISAO membership may be based on any affinity, including industry sector, or as a response to particular cyber threats or vulnerabilities. ISAOs may include public or private sector members, and they may be formed as for-profit or nonprofit entities. Significantly, the Order contemplated situations where the federal government may grant ISAOs security clearance so that the federal government may share classified information with the ISAOs. Recognizing the privacy implications, the Order also called for information sharing to be conducted pursuant to appropriate protections for privacy and civil liberties.
Companies in most industries have balked at sharing this type of data. Among other things, companies have historically been concerned that sharing such data will expose the company to legal liability, and they have called for safe harbor from liability. Though the Order did not grant this safe harbor, it incentivizes companies by granting companies potential access to critical classified information that could be used to thwart cyber attacks. Without the safe harbor, however, it remains to be seen whether the industry will be willing to share cyber threat data, and whether the sharing of that data will lead to civil actions and other legal liability.
Photo from Opensource.com from Flickr
Photo cropped from original