DHS Releases 4 Guidelines for Cyber Threat Info-Sharing

by Chris Talipsky 17. March 2016 13:39
Following the 2015 passage of the Cybersecurity Information Sharing Act (CISA), which we wrote about previously, the Department of Homeland Security (DHS) has released their guidelines for how government and the private sector are to share their threat data. The CISA is the largest cybersecurity legislation to have passed in 2015, and initially did not include instruction to the private sector and government regarding how the threat data is to be shared, and how personally identifiable information should be handled. Proponents of the legislation note that information is the biggest weapon against cyber-threats and malicious actors, and sharing this information between the private sector and government will offer leverage against cyber-attacks. The guidance also explains how the shared information will be used, which may allay opponents’ fear of misuse. DHS Secretary Jeh Johnson noted that “…Companies are required to remove personal information before sharing cyber threat indicators and DHS is required to conduct a privacy review of received information and has implemented its own process.” The DHS guidance consists of four documents: · Sharing of Cyber Threat Indicators and Defensive Measures by the Federal Government · Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities · Interim Procedures Related to the Concept of Cyber Threat Indicators and Defensive Measures by the Federal Government · Privacy and Civil Liberties Interim Guidelines It is important for companies in the private sector to read the appropriate guidance and make sure that they are in compliance regarding the data that is shared. Some of it receives liability protection and some does not.
Categories: cyber security