How the White House Wants to Share Cyber Threat Info

Legislative language the White House has sent to Congress for consideration is an attempt to set the ground rules for making it easier for industries across the nation to share cyber threat information.


Legislative language the White House has sent to Congress for consideration is an attempt to set the ground rules for making it easier for industries across the nation to share cyber threat information.

The initiative would lift legal barriers to sharing the information and preempt federal, state and local laws that may interfere with sharing.

Under the plan that President Obama proposed on Jan. 13, the legislation would authorize “any private entity to disclose lawfully obtained cyber threat indicators, notwithstanding any other provision of law, to private information sharing and analysis organizations and to the Department of Homeland Security’s National Cybersecurity and Communications Integration Center.”

The proposed legislation defines cyber threat as: “any action that may result in unauthorized access in order to damage or impair the integrity, confidentiality, or availability of an information system or unauthorized exfiltration, deletion, or manipulation of information that is stored on, processed by, or transitioning an information system, except that exceeding authorized access of an information system shall not be considered a cyber threat if such access solely involves a violation of consumer terms of service or consumer licensing agreements.”

The proposal includes a definition of what a cyber threat indicator is that covers a number of areas: malicious gathering of information, defeating technical or operational controls, a technical vulnerability, phishing, and malicious cyber command and control.

Any private entity also could submit threat indicators to another federal entity, such as the FBI, for investigative purposes. All entities receiving or disclosing threat indicators “may only use , retain or further disclose cyber threat indicators for the purpose of protecting an information system from cyber threats, identifying or mitigating such threats, or for reporting a crime.” Entities must take steps to minimize information that could identify specific persons who reasonably would be unrelated to a cyber threat.

The President’s proposal calls for the National Cybersecurity and Communications Integration Center (NCCIC) within Homeland Security to receive and distribute cyber threat indicators as close to real-time as practical. Cyber threat indicators sent by entities to NCCIC would be shielded from disclosure under the Freedom of Information Act and state disclosure laws.

Law enforcement agencies could use cyber threat indicators to support investigations not just for computer crimes but also threats of death or serious harm, serious sexual and physical safety threats to minors, or attempts to commit any of these offenses.

The legislative language and plain-English summaries are available here.

More for you

Loading data for hdm_tax_topic #reducing-cost...