On June 15, 2016, the U.S. Department of Homeland Security (“DHS”) and Department of Justice issued Final Procedures Related to the Receipt of Cyber Threat Indicators and Defensive Measures by the Federal Government (“Final Procedures”) that provide information on how DHS will implement the Cybersecurity Information Sharing Act of 2015 (“CISA”). The Final Procedures were accompanied by Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities Under the Cybersecurity Information Sharing Act of 2015 (“Guidance”). These documents represent finalized versions of interim guidance and procedures which, as we have previously reported, were issued in February.
Cybersecurity Information Sharing Act
U.S. Government Publishes CISA Guidance for Cybersecurity Information Sharing
Earlier this month, the U.S. Department of Homeland Security (DHS) and Department of Justice (DOJ) issued joint interim guidance on private entities’ sharing of cyber threat indicators and defensive measures with the government and other private entities. As we have written, Congress required the agencies to develop and publish this guidance through the Cybersecurity Information Sharing Act (CISA). The guidance provides helpful examples of information that may or may not be shared, along with details about the information sharing mechanism. Concurrently, DHS and DOJ published interim procedures for the receipt of cyber threat indicators and defensive measures, and privacy and civil liberties guidelines.
Below are the key takeaways from the guidance.
Congress fails to act on cybersecurity information sharing act
The relatively short turnaround of the Cybersecurity Information Sharing Act (CISA or the “Act”) has proved challenging, as a vote initially intended for this week will have to wait until the Senate’s September session, at the earliest.
Washington poised to collaborate on cybersecurity legislation
It appears that Congress and the Administration are finally prepared to collaborate on addressing cybersecurity threats facing the nation. The Administration is moving forward on its cyber threat initiative, and a recent New York Times article suggested that Congress is…