President Obama’s Executive Order, Promoting Private Sector Cyber Security Information Sharing (Feb 13, 2015), is a push to bring Industry and Government closer together in the cybersecurity fight.
Industry has been preparing to share cyber threat intelligence for some time with the Financial Services industry through the Financial Services, Information Sharing and Analysis Center (FS-ISAC). While there are similar collaborative groups in other sectors, each industry segment approaches coordinated efforts in a different way. Communication across the sectors is not always standardized. As a result, President Obama’s most recent cybersecurity Executive Order is rightly focused on expanding information sharing organizations to, and between, a broader range of industry segments. The recent Executive Order also builds upon current public-private collaborative efforts between Government, and 16 industry sectors identified as critical infrastructure through Presidential Policy Directive 21 – Critical Infrastructure Security and Resilience and EO-13636, Improving Critical Infrastructure Cybersecurity.
Perhaps the most significant component of the President’s cybersecurity initiative is the notion of expanding information sharing between Government and Industry at large. Certainly, private-to-private information sharing will be extremely valuable, but it will pale in comparison to the potential value of a threat clearinghouse which includes threat feeds originating from Government agencies. As a former Department of Defense Cybersecurity Leader, I can personally attest to the potential value added by a more robust and inclusive information exchange between Government and industry. The Government faces two challenges as it moves forward with implementation of the President’s initiative. First, Government agencies will need to determine how to distill classified information down to a level that will not compromise national security, yet still be useful to Industry. Second, both Government and Industry will need to develop an effective process that provides for information sharing, without compromising sensitive customer information.
Edgewave fully supports President Obama’s Executive Order. The power of sharing information across cybersecurity systems and capabilities is fundamental to our Military-Grade approach. For 20 years, EdgeWave security systems have been built from the ground up, with information sharing and customer privacy in mind. But as always, the devil is in the details. For the President’s initiatives to be truly inclusive, and more importantly effective, the Government cannot follow the historical path of developing a program that is burdened with regulatory and compliance requirements. This path ends with participating organizations focusing more on administrative requirements than the actual value of the information being shared.
Here at EdgeWave, we are enthusiastic about the potential of a threat clearing house that we can contribute to through our real time threat intelligence, and leverage to make our security systems stronger and more effective for our customers. We will win this cyber war as an Industry-Government Team.
Mike Walls is Managing Director, Security and Operations and Analysis at EdgeWave. While on Active Duty in the U.S. Navy, Mike served as Commander Task Force 1030 reporting directly to the Navy’s Fleet Cyber Command, and was responsible for Cyber readiness of over 400,000 people, 300 ships, and 4,000 aircraft. Comments and questions for Mike Walls are welcome: firstname.lastname@example.org