The President has signed an order calling on DHS to encourage the formation of organizations that would share information related to cybersecurity risks and incidents and help those voluntary groups partner with federal agencies.
Ideally these Information Sharing and Analysis Organizations – ISAOs, would be organized on the basis of sector, sub-sector, region, or any other affinity, including in response to particular emerging threats or vulnerabilities, according to the order.
ISAO membership may be drawn from the public or private sectors, or consist of a combination of public and private sector organizations. ISAOs may be formed as for-profit or nonprofit entities.
The National Cybersecurity and Communications Integration Center – NCCIC, is to engage in continuous, collaborative, and inclusive coordination with ISAOs on the sharing of information related to cybersecurity risks and incidents, addressing such risks and incidents, and strengthening information security systems, the order said.
It further directs DHS to consult with other federal entities to select – through a competitive process – an NGO to serve as the ISAO Standards Organization charged with identifying a common set of voluntary standards or guidelines for the creation and functioning of ISAOs.