[Federal Register Volume 80, Number 101 (Wednesday, May 27, 2015)]
[Pages 30258-30259]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 2015-12691]



[Docket No. DHS-2015-0017]

Notice of Request for Public Comment Regarding Information 
Sharing and Analysis Organizations

AGENCY: Office of Cybersecurity and Communications, National Protection 
and Programs Directorate, Department of Homeland Security.

ACTION: Request for Public Comment.


SUMMARY: This Notice announces a public comment period to allow input 
from the public on the formation of Information Sharing and Analysis 
Organizations (ISAOs) for cybersecurity information sharing, as 
directed by Executive Order 13691. DHS is soliciting public comments 
and questions from all citizens and organizations related to the 
provisions of E.O. 13691 ``Promoting Private Sector Cybersecurity 
Information Sharing'' of February 13, 2015. The purpose of this request 
for comment is to gather public input and considerations related to 
DHS' public engagements and implementation of E.O. 13691 including the 
selection of a ``standards organizations'' and approved activities of 
the selected standards organization.

DATES: The comment period will be held until July 10, 2015. See 
SUPPLEMENTARY INFORMATION section for the address to submit written or 
electronic comments.

Specific Comments Sought

    Individuals and organizations providing comment to this DHS request 
are requested to address the following questions during this open 
comment period. However, all comments related to E.O. 13691 will be 
accepted. As such, submitted comments are not required to address the 
following five questions to receive due consideration by the 
Government. At the conclusion of this comment period a DHS will compile 
and address these comments to the extent practicable in a document 
which will be made broadly available and may result in further dialog 
via this forum or other means.
    1. Describe the overarching goal and value proposition of 
Information Sharing and Analysis Organizations (ISAOs) for your 
    2. Identify and describe any information protection policies that 
should be implemented by ISAOs to ensure that they maintain the trust 
of participating organizations.
    3. Describe any capabilities that should be demonstrated by ISAOs, 
including capabilities related to receiving, analyzing, storing, and 
sharing information.
    4. Describe any potential attributes of ISAOs that will constrain 
their capability to best serve the information sharing requirements of 
member organizations.
    5. Identify and comment on proven methods and models that can be 
emulated to assist in promoting formation of ISAOs and how the ISAO 
``standards'' body called for by E.O. 13691 can leverage such methods 
and models in developing its guidance.
    6. How can the U.S. government best foster and encourage the 
organic development of ISAOs, and what should the U.S. government avoid 
when interacting with or supporting ISAOs?
    7. Identify potential conflicts with existing laws, authorities 
that may inhibit organizations from participating in ISAOS and describe 
potential remedies to these conflicts.
    8. Please identify other potential challenges and issues that you 
believe may affect the development and maturation of effective ISAOs.

SUPPLEMENTARY INFORMATION: Executive Order 13691 can be found at: 

Background and Purpose

    On February 13, 2015, President Obama signed Executive Order 13691 
intended to enable and facilitate ``private companies, nonprofit 
organizations, and executive departments and agencies . . . to share 
information related to cybersecurity risks and incidents and 
collaborate to respond in as close to real time as possible.'' The 
order addresses two concerns the private sector has raised:
     How can companies share information if they do not fit 
neatly into the sector-based structure of the existing Information 
Sharing and Analysis Centers (ISACs)?
     If a group of companies wants to start an information 
sharing organization, what model should they follow? What are the best 
practices for such an organization?
    ISAOs may allow organizations to robustly participate in DHS 
information sharing programs even if they do not fit into an existing 
critical infrastructure sector, seek to collaborate with other 
companies in different ways (regionally, for example), or lack 
sufficient resources to share directly with the government. ISAOs may 
participate in existing DHS cybersecurity information sharing programs 
and contribute to near-real-time sharing of cyber threat indicators.

Submitting Written Comments

    You may also submit written comments to the docket using any one of 
the following methods:
    (1) Federal eRulemaking Portal: http://www.regulations.gov. 
Although comments are being submitted to the Federal eRulemaking 
Portal, this is a tool to provide transparency to the general public, 
not because this is a rulemaking action.
    (2) Email: [email protected]. Include the docket number in the 
subject line of the message.

[[Page 30259]]

    (3) Fax: 703-235-4981, Attn: Michael A. Echols.
    (4) Mail: Michael A. Echols, Director, JPMO-ISAO Coordinator, NPPD, 
Department of Homeland Security, 245 Murray Lane, Mail Stop 0615, 
Arlington VA 20598-0615.
    To avoid duplication, please use only one of these four methods. 
All comments must either be submitted to the online docket on or before 
July 10, 2015, or reach the Docket Management Facility by that date.

    Authority: 6 U.S.C. 131-134; 6 CFR. 29; E.O. 13691.

    Dated: May 13, 2015.
Andy Ozment,
Assistant Secretary, Cybersecurity and Communications, National 
Protection and Programs Directorate, Department of Homeland Security.
[FR Doc. 2015-12691 Filed 5-26-15; 8:45 am]