What if there was a way to efficiently connect existing government cybersecurity resources with state, local, tribal and territorial entities that needed them? Better yet, what if there was a national effort to rapidly identify the unmet cybersecurity information sharing needs of state, local, tribal and territorial entities and a vehicle to connect them with public and private partners for solutions? The result would be a targeted effort to increase security and awareness resulting in improved cyber posture for all stakeholders.
Since its creation in October 2015 in response to presidential Order 13691, the Information Sharing and Analysis Organization Standards Organization (ISAO SO) has prioritized and placed a premium on public feedback. The resulting rich dialogue and deep collaboration has been incorporated into a voluntary consensus standards development process that fully leverages industry, government, and academic expertise through six public working groups. Each working group consists of leaders from industry, academia and government who lend their expertise and knowledge to the development of ISAO SO guidelines.
The Government Relations Working Group (WG6) was created to optimize the relationship between ISAOs and the Intelligence Community, Law Enforcement, U.S. Regulators, and Homeland Security. WG6 also examines roles and responsibilities at the Federal, State, and Local level to enhance collaboration, enablement, and support of national and international ISAOs. Its current project is a National level initiative to better understand the information sharing landscape across regional, state, local, tribal, and territorial entities. The group recently launched a survey to connect and communicate with the information sharing community and to identify the unmet cybersecurity needs of stakeholders.
This two-part survey aims to identify current cybersecurity information sharing capabilities of regional and SLTT entities and information needs that may exist between SLTT government, the federal government, regional entities and ISAOs.
Part I of the survey is to be completed by members of SLTT entities (governmental organizations). Part II of the survey may be completed by members of associations, ISAOs, and ISACs (private sector organizations).
In September 2016, the Government Relations Working Group published ISAO 600-2: US Government Relations, Programs and Services to identify preliminary matters of policy and principles, state and local government perspectives, and relevant federal laws regarding cybersecurity information sharing within the United States.
The next document to be published from WG6, ISAO 600-3: The Cybersecurity Information Sharing and Analysis Ecosystem at the Regional, State, Local, Tribal, and Territorial (SLTT) Government level explores
- Bi-directional relationships between ISAOs and State, Local, Tribal, and Territorial (SLTT) governments and Regional organizations (public and private)
- SLTT and Regional organization information sharing capabilities and needs.
Results from this survey will assist the working group in document development and provide solutions for the SLTT cybersecurity information sharing ecosystem.
The survey is available here.
For more information on getting involved in the development process with ISAO SO working groups, please visit the Working Groups page.