Will Obama's Information Sharing Plan Work?NH-ISAC Leader Sizes Up Potential Pitfalls
New information sharing and analysis organizations, or ISAOs, being formed as a result of President Obama's recent executive order must avoid becoming silos that selectively share cyberthreat intelligence "within their own walls" and not with other entities that also need to be in the loop. That advice comes from Deborah Kobza, executive director of the National Health Information Sharing and Analysis Center, one of about a dozen longstanding ISACs that will continue in their leadership roles.
ISACs are not-for-profit consortia focused on specific industries that provide fee-paying members with services that include risk mitigation, incident response, alerts and information sharing. Unlike ISACs, the new ISAOs will be more narrowly focused, and could be organized by industry, an industry sub-sector, region or any other affinity, including in response to particular emerging threats or vulnerabilities. An ISAO could have public and private sector members and be a commercial or not-for-profit enterprise.
While Kobza says that President Obama's executive order puts a bigger focus on the importance of increased bi-directional cyber-intelligence information sharing and coordinated response across all sectors, "there is a danger that you could have silo ISAOs that only share intelligence within their walls and don't reach out to other organizations," she says.
Newly formed ISAOs must work with each other, and also with the ISACs that are already in place in healthcare, financial services and other sectors, she says in an interview with Information Security Media Group. "Having that sector and cross-sector intelligence and analysis ... is incredibly critical.
"The one thing the ISAOs need to keep in mind is that sharing intelligence and information around cybersecurity threat indicators and countermeasures solutions ... cannot be a competitive environment; we all need to work together."
In his speech at a cybersecurity summit moments before Obama signed the information sharing executive order on Feb. 13, Obama characterized the ISAOs as "hubs" that also could share threat information with each other.
In the meantime, the nation's dozen-plus ISACs, including NH-ISAC, "have put into place a structure to not only share intelligence manually, but an automated threat intelligence platform that does machine-to-machine intelligence sharing," Kobza says.
The automated platform used by NH-ISAC, for instance, leverages standards such as Structured Threat Information eXpression, or STIX, and Trusted Automated eXchange of Indicator Information, or TAXII. That enables organizations to share threat intelligence in real time, "and to connect the dots ... and work toward a proactive response rather than reactive," she says.
In the interview, Kobza also discusses:
- What she hopes will emerge from the Obama information sharing executive order;
- The impact the Obama executive order will have on NH-ISAC;
- The key differences she sees between the new ISAOs the existing ISACs.
Kobza heads the NH-ISAC, which is based at the Global Situational Awareness Center at Kennedy Space Center. She is certified in the Governance of Enterprise Information Technology and National Information Exchange (U.S. Department of Justice). She has more than 30 years of experience in risk-based enterprise technology, security, information assurance, data governance, research and workforce education for government, academia and healthcare organizations. Kobza also serves as president of the Global Institute for Cybersecurity + Research, or GICSR.