ISAO SO Announces New Working Group: International

The ISAO SO stands up new working group to address the sharing of cybersecurity across international borders.

Cybersecurity information sharing is not a new concept.  For over a decade, the need to share information regarding cybersecurity vulnerabilities and incidents has been recognized by the community and much has been done, such as the creation of Information Sharing and Analysis Centers (ISACs) to address this need. The effort continued with the issuance of Executive Order 13691, which directed the creation of the Information Sharing and Analysis Organization Standards Organization (ISAO SO). The ISAO SO continues to build upon the many successes already achieved and to identify –or develop where needed– standards, guidelines, best practices and other products that will help build a national program of voluntary cybersecurity information sharing.

Since the announcement of EO 13691 in February 2015, government and industry have identified issues that need to be considered in identifying the guidance created. Several in person and online public forums have been hosted by the ISAO SO to discuss various aspects of information sharing and many additional comments have been provided on the subject via calls for comments. Coupled with the lessons already learned by existing information sharing organizations, there is a now growing body of knowledge addressing various aspects of information sharing.

In the fall of 2016, the ISAO SO published four initial voluntary guideline documents on the ISAO SO website. These publications were developed with the support of over 160 industry experts in response to EO 13691 to provide guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents, and best practices. Most recently the ISAO SO added a new document, ISAO SP 4000: Protecting Consumer Privacy in Cybersecurity Information Sharing v1.0, with two additional documents to be published by October 31, 2017. For more information on upcoming documents, please visit the Future Products page.

“There are many issues that have been identified over the course of the last 20+ months, and we are working to address all of them through the same voluntary consensus-driven standards process we’ve always used,” said Allen Shreffler, ISAO SO Director of Lifecycle Management. “The initial focus of the ISAO SO working groups was providing the tools needed to form and grow an information sharing organization. We are now developing advanced topics for the information sharing community.”

Developing effective information sharing standards, guidelines, and processes, to bolster the Nation’s cybersecurity posture requires the engagement of a diverse group of subject matter experts. The Information Sharing and Analysis Organization Standards Organization (ISAO SO) is now seeking new members to work on the development of guidelines for ISAOs and companies who plan to share cybersecurity information internationally. The addition of an International working group is timely, since the ISAO SO will hosting the inaugural International Information Sharing Conference in Washington D.C. October 31 – November 1, 2017.

Working Group 5:  International

Objective: Provide ISAOs with the knowledge required to make informed decisions regarding the sharing of cybersecurity information across national borders and the addition of international members. Discuss and address the advantages, obstacles, and global restrictions that may impact how ISAOs operate.

Potential Topics:

  • The benefits, challenges, and risks that ISAOs and companies face when deciding to share cyber information internationally
  • Baseline laws and regulations that may include constraints that ISAOs should know about

Team members must be energetic, experienced, and ready to develop comprehensive, workable solutions. Most importantly, members must be able to work well in groups and to foster collaboration that leads to consensus. Your participation is welcome and essential. Action is needed and we anticipate a robust activity schedule driven by the urgency of this issue.

Interested parties are asked to complete the brief Join a Working Group application form located on the website expressing their desire to participate.