The President’s order calling for the creation of cybersecurity information sharing and analysis organizations compliments legislation introduced in the Senate recently that addresses the question of liability when sharing information with the government.
The chair of the Senate Homeland Security and Governmental Affairs Committee, Tom Carper, D-Del, has introduced the Cyber Threat Sharing Act of 2015 designed to remove barriers to sharing information between agencies and the private sector.
Under the bill any cyber data sharing and analysis center or private organization can self-certify as an information sharing and analysis organization – and companies would have liability protection when sharing cyber threat data with the National Cybersecurity and Communications Integration Center or an information sharing and analysis organization – ISAO, that has self-certified it is following best practices (concerning privacy, for example).
The bill requires DHS to work to ensure that cyber threat data are shared with other federal entities in as close to real time as practicable with some effort made to limit personally identifiable information.
The bill follows cybersecurity legislation signed into law in December including: