In February 2015, then-President Barack Obama signed Executive Order 13691, describing the critical need for cybersecurity information sharing and strongly encouraging the formation and development of Information Sharing and Analysis Organizations (ISAOs).
Since the executive order was issued, a significant number of public and private organizations have responded to this national imperative and have begun to share cybersecurity threat information, improve collective understanding of the threat environment, increase security and preparedness and collaborate on best practices. This cohesive public and private community-based cooperation has enabled ISAO members and partners to become stronger, safer and more resilient.
Information sharing at the state, local, tribal and territorial (SLTT) level has similar manifest value and should be targeted for expansion. Many private and governmental entities, however, have not yet undertaken effective cybersecurity threat information sharing, some out of reluctance, others for lack of knowledge. Accordingly, the ISAO 600-1: A Framework for State-Level ISAOs document provides a resource for facilitating effective cybersecurity sharing and analysis within states for those already participating in the arena and for those who should be. The matters presented include the following:
· A business case for SLTT information sharing
· The identification of state-level stakeholders
· Potential organizational models for the governance and administration of a state-level information-sharing program
· Discussion of various relevant state-level services and capabilities
· A framework for state-level partnerships and coordination between states
· Identification of potential sources of funding
· Public and private partnership mutual advantages in collaboration.