Promoting Private Sector Cybersecurity Information Sharing
Feb 20, 2015
Signed by: Barack Obama
Signed on: Feb 13, 2015
Published on: Feb 20, 2015
Feb 20, 2015
Signed by: Barack Obama
Signed on: Feb 13, 2015
Published on: Feb 20, 2015
Summary
Creates groups for companies and the government to voluntarily share information about computer security threats to better protect the country.
What problem does this solve?
Cyberattacks threaten the country's safety and economy, but organizations often fight these threats alone. This order creates a way for private companies and the government to work together by sharing threat information.
What does this order do?
Encourages new information sharing groups
Promotes the creation of Information Sharing and Analysis Organizations (ISAOs) where private companies, non-profits, and government can voluntarily share cyber threat data.
Establishes a standards body for sharing groups
Directs the government to pick a non-government group to create voluntary standards for how ISAOs should operate, including rules for privacy and security.
Designates a central hub for government collaboration
Names the National Cybersecurity and Communications Integration Center (NCCIC) as the main government body to work with ISAOs on sharing threat information.
Requires privacy and civil liberties protections
Orders federal agencies to build privacy protections into all information sharing activities, based on the Fair Information Practice Principles.
Updates rules for sharing classified information
Changes the National Industrial Security Program to make it easier to share classified security information with private partners in critical infrastructure sectors.
Who does this affect?
- Private sector companies
- Federal government agencies
- Non-profit organizations
What is the real world impact?
•
Creates a united front against cyberattacks
Combines the knowledge of private companies, who own most of the digital systems, with the government's security resources to create a stronger national defense against hackers and other cyber threats.
•
Raises privacy concerns over data sharing
Critics may worry that encouraging companies to share threat data with the government could lead to increased surveillance or the misuse of private customer information, despite the order's privacy protection rules.
When does this start?
This order became effective when it was signed on February 13, 2015.