“Neither government nor the private sector can defend the nation alone.”
--President Barack Obama on cyber threats, January, 2015.
Since the State of the Union in 2015, a number of factors have come together to make this the ideal time for private sector stakeholders to establish their own platforms for sharing cyber threat information.
It doesn’t take much examination of the headlines to note that the threats continue. Recent cases of health ransomware are just the latest examples of threats leading to commercial loss.
“With sophisticated actors taking advantage of automation to more easily obfuscate their signatures, cross-sector sharing is becoming essential to be able to identify and remediate attacks,” Chris Finan told CalCISO. Finan is a board member of CalCISO and CEO of Manifold Technology.
Stakeholders are gathered, and the time is ripe for the California Cybersecurity Information Sharing Organization (CalCISO) to convene leaders and build solutions.
“We’re really trying to allow for a multiplicity of ways the private sector would want to organize itself, and not just restrict itself to the sector-based [ISACs],” a White House official told Politico in 2015.
CalCISO has been organized to do exactly that – explore the ways in which private stakeholders want to engage with one another, across industries, in California.
"To stay ahead of existing and evolving threats, collaboration platforms enabling trusted information sharing across sectors are fundamental,” offered Jamey Sample, a CalCISO Board Member from Ernst and Young and a 15-year veteran of information security in utilities. “The passage of CISA enables this trusted model and demonstrates the need for more groups like CalCISO to establish private forums for information sharing."
Charlie Benway, of our sister organization, the Advanced Cyber Security Center in Boston, said in a prior interview: “Because [ACSC is] a cross-sector organization, some sectors see certain threats before others so some members get advance notice.
“But it goes beyond just actionable threat information,” Benway continued. “Members say the organization is also a tremendous benefit in terms of professional staff development because members exchange best practices and can take ideas back and improve the security posture of their own enterprises.”
In addition to California and Massachusetts, this is a dialogue repeating itself all over the United States at present.
The standards organization established by the Department of Homeland Security has said: “Private companies, nonprofit organizations, federal and local agencies, and other entities or interested individuals must be able to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible.”
The next step in this dialogue is a meeting established by CalCISO to discuss the form and function of multi-sector information sharing. This meeting will take place Thursday, April 21st in San Francisco.
If you have an interest in any of these issues, we invite you to join us and participate in this dialogue on the 21st. For further information and to register, please visit the MEETING PAGE HERE.