State and Community Information Sharing and Analysis Organizations

Abstract

For many years the importance of sharing information on cybersecurity risks, vulnerabilities, and incidents has been understood. Organizations working in isolation are at a disadvantage when facing the types of threats existing in today’s Internet environment. Informal information sharing has been conducted for many years. More formal information sharing organizations were created in response to the 1998 Presidential Decision Directive-63. More recently, Executive Order 13691 called for the creation of information sharing and analysis organizations beyond the critical infrastructures and led to the creation of a standards organization to create standards, guidelines, and other documents to assist in the creation of information sharing organizations. This paper will discuss the history of information sharing in the United States and will explain the potential impact for states and communities. The importance of developing state and community information sharing organizations will be discussed along with the challenges in establishing them.