Following 9/11, many agencies began to recognize the importance of information sharing. The 9/11 Commission Report stated that agencies should share information amongst themselves, instead of feeling like they own the information they found, creating a “unity of effort.”[1] In addition, several agencies created initiatives to improve their information sharing efforts. For example, the Department of Defense created the Global Information Grid to connect networks that will connect everything. The Department of Justice created the Law Enforcement Information Sharing Program to improve information sharing between it and other law enforcement agencies.[2]
The White House released a document called “Trustworthy Cyberspace: Strategic Plan for the Federal Cybersecurity Research and Development Program” in 2011. It states that to face future cybersecurity problems, we must develop “an organized, cohesive foundation to the body of knowledge that informs the field of cybersecurity” for several reasons. Among these reasons are the following: organization of knowledge, discovery of universal laws, testable models and predictions, a systematic way to solve problems, and more.[3]
In 2015, President Obama released an executive order called “Promoting Sector Cybersecurity Information Sharing.” This order aims to encourage the formation of organizations that share information related to cybersecurity risks and the ability of these organizations to partner with the federal government voluntarily. The executive order states that the Secretary of Homeland Security will encourage the development of Information Sharing and Analysis Organizations (ISAOs). ISAO Standards Organizations (SOs) will create a set of standards that will encourage information sharing with and among ISAOs “to create deeper and broader networks of information sharing nationally.”[4]
The Cybersecurity Information Sharing Act (CISA) of 2015 also encouraged cybersecurity information sharing among government and private sector entities. The bill requires the Director of National Intelligence (DNI), Department of Homeland Security (DHS), Department of Defense (DOD), and Department of Justice (DOJ) to develop ways to share cybersecurity information with private entities, nonfederal government agencies, the public, and threatened entities. It also requires the DNI to report cybersecurity threats to Congress, and required the DHS to collaborate with the OMB to update government information security measures. Overall, this bill aims to improve the collaboration among governmental agencies and among nongovernmental entities regarding cybersecurity.[5]
In October 2016, NIST released Special Publication 800-150, which is called “Guide to Cyber Threat Information Sharing.” This document emphasizes the importance of information sharing in the wake of the treats that varying types of threat actors pose. Information sharing provides many benefits within a sharing community, including the leveraging of collective knowledge and capabilities, a more complete understanding of threats, better decision making, and being able to use information from multiple sources. Organizations can then use this information to protect themselves from threats and detect campaigns that might target them. Information sharing also allows entities to access information that would have been unavailable otherwise, and the members of a sharing community might face actors that use similar TTPs or target similar information. Other benefits of information sharing the publication outlines are shared situational awareness, improved security, knowledge maturation, and ability to defend themselves faster.[6]
According to the Heritage Foundation, information sharing is important because different entities in the private and public sectors can be warned about potential attacks or software problems. This is especially important for new threats so that other entities can look out for that threat and can better protect themselves from it. Information sharing can also help other entities fix existing vulnerabilities or prepare for a potential attack. The Heritage Foundation also argues that the federal government should be able to share any information related to cybersecurity so that no government agency will miss any important information.[7]
[1] https://www.ise.gov/core-awareness-training/moving-forward
[2] https://www.ise.gov/core-awareness-training/transformation-initiatives-underway
[3] Science of Cybersecurity PDF
[4] https://www.whitehouse.gov/the-press-office/2015/02/13/executive-order-promoting-private-sector-cybersecurity-information-shari
[5] https://www.congress.gov/bill/114th-congress/senate-bill/754
[6] NIST PDF
[7] http://www.heritage.org/research/reports/2014/04/cybersecurity-information-sharing-one-step-toward-us-security-prosperity-and-freedom-in-cyberspace