New Council White Paper Focuses on Cyber Information Sharing

January 25, 2024

January 25, 2024 (ARLINGTON, VA)—The Intelligence and National Security Alliance (INSA) today released a new paper, Challenges and Opportunities of Enabling Information Sharing¸ that advocates for improved information sharing among private sector firms, stressing the need for timely, relevant, and detailed threat information to mitigate cyberattacks, aid in system recovery, and enhance the resilience of commercial networks.  

Developed by INSA’s Cyber Council, the paper recognizes the shared responsibility of the public and private sectors in defending the U.S. cyber infrastructure. It finds that while federal cybersecurity policies are rapidly evolving—Executive Order 14028 and the White House’s March 2023 National Cybersecurity Strategy offer vivid examples—there is inconsistency in private sector cybersecurity, posing a risk to businesses and critical infrastructure. 

The paper offers five recommendations for private sector firms to operationalize to improve information sharing:

  1. Collaborate with internal stakeholders, including IT, legal, compliance, etc.
  2. Improve understanding of partner priorities, collection requirements, and how recipients can act on information.
  3. Leverage established information sharing entities (e.g., ISACs, ISAOs) to anonymize information/intelligence sources.
  4. Ensure safeguards are in place, to include NDAs, data protection regimes, and secure mechanisms for sharing.
  5. Promote bi-directional sharing, including adopting sector-specific intelligence sharing platforms.

In conclusion, the paper provides a useful framework for firms grappling with the challenges of determining what information to share and establishing a consistent sharing process. Implementing these measures will strengthen the security stance of the nation’s cyber infrastructure, leading to a more resilient and robust collective defense. 

For additional information about INSA's policy councils, contact membership@insaonline.org.