On Thursday April 30th, the Institute for Critical Infrastructure Technology (ICIT) hosted its monthly Fellow Meeting with featured thought leader Michael Echols, Director of Special Initiatives, Critical Infrastructure and Key Resources Cyber Operations Management (CIKR-COM) at the Department of Homeland Security (DHS).
Mr. Echols led an interactive discussion with ICIT Fellows, federal leaders from agencies including DNI, DHS, TSA, NARA and the U.S. House of Representatives, a NATO representative and academic thought leaders from George Mason University and the University of Maryland on the President’s recent Executive Order 13691, “Promoting Private Sector Cybersecurity Information Sharing.”
The primary objective of the executive order is to promote the creation of Information Sharing and Analysis Organizations (ISAOs), which give entities with similar interests a structured framework to share security information in order to better protect themselves. Mr. Echols explained the potential of ISAOs: “They [ISAOs] represent an opportunity to open a pathway for new entries; for new players to come on the field and to train their own players.” Responding to concerns that ISAOs were redundant and a distraction from ISACs and other existing information sharing programs, Mr. Echols explained that ISAOs are in fact force multipliers that allow entities the opportunity to define and meet their specific needs. For example, a group of community banks or academic research centers could come together and form an ISAO to support their unique challenges and circumstances. Mr. Echols pointed out that ISAOs are not new; they were first established by the Department of Homeland Security Act of 2002. Dozens of ISAOs have been created prior to the executive order (a fact several members of the audience supported with firsthand examples); the ISAO executive order is simply the President calling for the creation of a framework to enable more entities to establish ISAOs on their own.
Mr. Echols explained that one of the main reasons the President’s initiative is necessary is that small and mid-size businesses, the engine of the American economy, are being hurt by cyber-attacks and are suffering from low levels of cyber awareness. ISAOs are also advantageous because they are built on networks of trust, and a lack of trust is the greatest barrier to information sharing. Mr. Echols emphasized that the people forming ISAOs are already connected and therefore possess a basic level of trust in each other which doesn’t necessarily exist in other information sharing environments.
The meeting also gave attendees, including ICIT Fellows HP Enterprise Security, WatchDox (recently acquired by BlackBerry), Covenant Security Solutions and NewLight Technologies, an opportunity to provide DHS with recommendations to improve the implementation of the President’s executive order and existing DHS guidelines. Suggestions included providing incentives for businesses and organizations to improve their cybersecurity posture similar to what was done for the healthcare industry, increased education, and creating public service announcements to raise the public’s awareness of the serious threat of cyber attacks.
At the meeting, ICIT also welcomed new fellow ELXR Health. ELXR, a health information exchange platform, gives patients greater control over their health data by allowing them to decide what information is shared by their provider with HIEs. The end result is improved patient privacy and reduced risk for the provider. ELXR Health will be participating in the June 2 Health Sector Fly-In on Capitol Hill sponsored by the Senate Committee on Health, Education, Labor and Pensions and co-hosted by ICIT, NH-ISAC and the Health Sector Coordinating Council.