From: Lexology
Kevin Petrasic, Dr. Trevor W. Nagel and Matthew Bornfreund | White & Case LLP
CISA requires DHS—along with the Director of National Intelligence, Secretary of Defense, and Attorney General, in consultation with the heads of the appropriate Federal entities—to develop and publish guidelines and procedures for sharing and receiving cyber threat indicators (“CTIs”) and defensive measures (“DMs”). On February 16, 2016, DHS issued publications on federal agencies sharing information among themselves, handling the receipt of information, and protecting privacy and civil liberties.[2] DHS also issued Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under CISA (“Guidance”). The Guidance explains what constitutes CTIs and DMs, and clarifies how private companies can share CTIs and DMs in a way that receives liability protection under CISA, including under DHS’s Automated Indicator Sharing (“AIS”) initiative. On March 16, 2016, DHS issued an updated Privacy Impact Assessment regarding its AIS initiative under the Guidelines.[3]
Information Sharing Under CISA
The goal of CISA is to encourage cybersecurity information sharing to advance security. The sharing of cybersecurity information generally conflicts with corporate goals to protect intellectual property and avoid related legal risks. CISA is intended to overcome these obstacles and increase the sharing of information critical to enhancing cybersecurity protection.[4]
Leave a Reply