Federal Agencies Offer Guidance on Sharing Information About Cyber Threats
Friday, February 19, 2016
Hacker, three computers

Related Practices & Jurisdictions
Print Mail Download i

The federal Departments of Homeland Security, Defense and Justice and The Office of the Director of National Intelligence issued guidance on the implementation of the Cybersecurity Information Sharing Act of 2015 (CISA).  Among the four guidance documents issued by these agencies is one outlining the ways non-federal entities (which would include private employers) can share information with federal entities regarding cyber threat indicators and defensive measures taken against those threat indicators.  The guidance addresses procedures for sharing cyber threat indicator and defensive measures information under the CISA.

The CISA authorizes the sharing of “cyber threat indicators” and “defensive measures” for a “cybersecurity purpose.”  The guidance highlights the fact that the CISA attempts to strike an appropriate balance between sharing information about cyber threat indicators and defensive measures while protecting the privacy of information when it is not directly related to and necessary to identify or describe a cyber security threat.  The guidance further explains that the CISA “promotes the goal of sharing while simultaneously providing privacy protections.” Therefore, the guidance cautions non-federal entities such as private employers to carefully review information before sharing it to assure they do not inadvertently disclose information that should have been kept private.

The guidance provides an overview of the methods non-federal entities can use to report to federal agencies information about cyber threats and defensive measures. These include the Department of Homeland Security’s (DHS) Automated Indicator Sharing (AIS) initiative, the webform on DHS’ National Cybersecurity and Communications Integration Center, emailing DHS, and sharing information through Information Sharing and Analysis Centers or Information Sharing and Analysis Organizations.  When a non-federal entity shares information using these methods, it is afforded liability protection under the CISA, as well as other protections such as an exemption from federal antitrust laws.

When a non-federal agency reports cyber threats and defensive measures in a manner other than those outlined above, it does not receive protection from liability, but still has the other protections available under CISA like the federal antitrust exemption and protection of commercial, financial and proprietary information.

Jackson Lewis P.C. © 2024

Current Legal Analysis

More from Jackson Lewis P.C.

Live from Workplace Horizons 2024 - Episode 1: What Employers Need to Know About Keeping Your Workplace Safe, Drug-Free, and Productive [Podcast]
by: Emily S. Borna , Matthew F. Nieman
Digital Nomad Visas Offered by Italy, Japan
by: Minnie Fu
Top Five Labor Law Developments for April 2024
by: Jonathan J. Spitz , Richard F. Vitarelli
Utah Expands Employee Religious Protections
by: M. Christopher Moon
OFCCP Releases New Artificial Intelligence Guidance
by: Laura A. Mitchell , Alyssa J. Calabrese
District Court Strikes Portions of Inglewood’s Healthcare Worker Minimum Wage Ordinance
by: Jonathan A. Siegel , Allen F. Acosta
Reminder: San Francisco Employer Annual Reporting Form Due May 3
by: Harold R. Jones , Julia A. Olivier
Addressing Multinational Labor and Employment Law Issues Through an International Alliance [Podcast]
by: John L. Sander
Nuanced Privacy Laws Means Healthcare Organizations Should Prioritize Protecting Personal Information
by: Michael R. Bertoncini
Reports Confirm Need for Employers to Foster Inclusive Work Environment for Black, LGBTQIA+ Youth
by: Teresa Burke Wright

Upcoming Legal Education Events

 

NLR Logo

We collaborate with the world's leading lawyers to deliver news tailored for you. Sign Up to receive our free e-Newsbulletins

 

Sign Up for e-NewsBulletins