80 FR 30258 - Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations
DEPARTMENT OF HOMELAND SECURITY Federal Register Volume 80, Issue 101 (May 27, 2015)
Federal Register Volume 80, Issue 101 (May 27, 2015)
| Page Range | 30258-30259 | |
| FR Document | 2015-12691 |
[Federal Register Volume 80, Number 101 (Wednesday, May 27, 2015)] [Notices] [Pages 30258-30259] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2015-12691] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF HOMELAND SECURITY [Docket No. DHS-2015-0017] Notice of Request for Public Comment Regarding Information Sharing and Analysis Organizations AGENCY: Office of Cybersecurity and Communications, National Protection and Programs Directorate, Department of Homeland Security. ACTION: Request for Public Comment. ----------------------------------------------------------------------- SUMMARY: This Notice announces a public comment period to allow input from the public on the formation of Information Sharing and Analysis Organizations (ISAOs) for cybersecurity information sharing, as directed by Executive Order 13691. DHS is soliciting public comments and questions from all citizens and organizations related to the provisions of E.O. 13691 ``Promoting Private Sector Cybersecurity Information Sharing'' of February 13, 2015. The purpose of this request for comment is to gather public input and considerations related to DHS' public engagements and implementation of E.O. 13691 including the selection of a ``standards organizations'' and approved activities of the selected standards organization. DATES: The comment period will be held until July 10, 2015. See SUPPLEMENTARY INFORMATION section for the address to submit written or electronic comments. Specific Comments Sought Individuals and organizations providing comment to this DHS request are requested to address the following questions during this open comment period. However, all comments related to E.O. 13691 will be accepted. As such, submitted comments are not required to address the following five questions to receive due consideration by the Government. At the conclusion of this comment period a DHS will compile and address these comments to the extent practicable in a document which will be made broadly available and may result in further dialog via this forum or other means. 1. Describe the overarching goal and value proposition of Information Sharing and Analysis Organizations (ISAOs) for your organization. 2. Identify and describe any information protection policies that should be implemented by ISAOs to ensure that they maintain the trust of participating organizations. 3. Describe any capabilities that should be demonstrated by ISAOs, including capabilities related to receiving, analyzing, storing, and sharing information. 4. Describe any potential attributes of ISAOs that will constrain their capability to best serve the information sharing requirements of member organizations. 5. Identify and comment on proven methods and models that can be emulated to assist in promoting formation of ISAOs and how the ISAO ``standards'' body called for by E.O. 13691 can leverage such methods and models in developing its guidance. 6. How can the U.S. government best foster and encourage the organic development of ISAOs, and what should the U.S. government avoid when interacting with or supporting ISAOs? 7. Identify potential conflicts with existing laws, authorities that may inhibit organizations from participating in ISAOS and describe potential remedies to these conflicts. 8. Please identify other potential challenges and issues that you believe may affect the development and maturation of effective ISAOs. SUPPLEMENTARY INFORMATION: Executive Order 13691 can be found at: https://www.whitehouse.gov/the-press-office/2015/02/13/executive-order-promoting-private-sector-cybersecurity-information-shari. Background and Purpose On February 13, 2015, President Obama signed Executive Order 13691 intended to enable and facilitate ``private companies, nonprofit organizations, and executive departments and agencies . . . to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible.'' The order addresses two concerns the private sector has raised:How can companies share information if they do not fit neatly into the sector-based structure of the existing Information Sharing and Analysis Centers (ISACs)? If a group of companies wants to start an information sharing organization, what model should they follow? What are the best practices for such an organization? ISAOs may allow organizations to robustly participate in DHS information sharing programs even if they do not fit into an existing critical infrastructure sector, seek to collaborate with other companies in different ways (regionally, for example), or lack sufficient resources to share directly with the government. ISAOs may participate in existing DHS cybersecurity information sharing programs and contribute to near-real-time sharing of cyber threat indicators. Submitting Written Comments You may also submit written comments to the docket using any one of the following methods: (1) Federal eRulemaking Portal: http://www.regulations.gov. Although comments are being submitted to the Federal eRulemaking Portal, this is a tool to provide transparency to the general public, not because this is a rulemaking action. (2) Email: [email protected]. Include the docket number in the subject line of the message. [[Page 30259]] (3) Fax: 703-235-4981, Attn: Michael A. Echols. (4) Mail: Michael A. Echols, Director, JPMO-ISAO Coordinator, NPPD, Department of Homeland Security, 245 Murray Lane, Mail Stop 0615, Arlington VA 20598-0615. To avoid duplication, please use only one of these four methods. All comments must either be submitted to the online docket on or before July 10, 2015, or reach the Docket Management Facility by that date. Authority: 6 U.S.C. 131-134; 6 CFR. 29; E.O. 13691. Dated: May 13, 2015. Andy Ozment, Assistant Secretary, Cybersecurity and Communications, National Protection and Programs Directorate, Department of Homeland Security. [FR Doc. 2015-12691 Filed 5-26-15; 8:45 am] BILLING CODE 9110-9P-P
![30258 Federal Register / Vol. 80, No. 101 / Wednesday, May 27, 2015 / Notices
Publications and Data. The document is from the public on the formation of development of ISAOs, and what should
available to the public via http:// Information Sharing and Analysis the U.S. government avoid when
www.phe.gov/Preparedness/planning/ Organizations (ISAOs) for cybersecurity interacting with or supporting ISAOs?
science/Pages/AccessPlan.aspx. The information sharing, as directed by 7. Identify potential conflicts with
public comment period will end 30 days Executive Order 13691. DHS is existing laws, authorities that may
after posting in the Federal Register. soliciting public comments and inhibit organizations from participating
FOR FURTHER INFORMATION CONTACT: questions from all citizens and in ISAOS and describe potential
Please submit comments via email to organizations related to the provisions remedies to these conflicts.
Lorian Smith at lorian.smith@hhs.gov. of E.O. 13691 ‘‘Promoting Private Sector 8. Please identify other potential
SUPPLEMENTARY INFORMATION: Pursuant Cybersecurity Information Sharing’’ of challenges and issues that you believe
to Section 103 of the America February 13, 2015. The purpose of this may affect the development and
COMPETES Reauthorization Act of 2010 request for comment is to gather public maturation of effective ISAOs.
(Pub. L. 111–358), the Executive Office input and considerations related to SUPPLEMENTARY INFORMATION: Executive
of the President, Office of Science and DHS’ public engagements and Order 13691 can be found at: https://
Technology Policy (OSTP) issued a implementation of E.O. 13691 including www.whitehouse.gov/the-press-office/
memorandum on February 22, 2013 to the selection of a ‘‘standards 2015/02/13/executive-order-promoting-
the heads of federal agencies directing organizations’’ and approved activities private-sector-cybersecurity-
them to develop plans to enhance access of the selected standards organization. information-shari.
to the results of federally-funded DATES: The comment period will be
held until July 10, 2015. See Background and Purpose
scientific research. ASPR is voluntarily
developing a public access plan in order SUPPLEMENTARY INFORMATION section for On February 13, 2015, President
to maximize availability of digitally- the address to submit written or Obama signed Executive Order 13691
formatted scientific data resulting from electronic comments. intended to enable and facilitate
research supported wholly or in part by Specific Comments Sought ‘‘private companies, nonprofit
federal funding that will improve the organizations, and executive
Individuals and organizations
public’s ability to locate and access this departments and agencies . . . to share
providing comment to this DHS request
data. information related to cybersecurity
are requested to address the following
Background: This plan considers the risks and incidents and collaborate to
questions during this open comment
interests and needs of various respond in as close to real time as
period. However, all comments related
stakeholders, including, but not limited possible.’’ The order addresses two
to E.O. 13691 will be accepted. As such,
to, federally funded researchers, concerns the private sector has raised:
submitted comments are not required to
universities, libraries, publishers, data • How can companies share
address the following five questions to
users and civil society groups. information if they do not fit neatly into
Availability of Materials: The draft receive due consideration by the
the sector-based structure of the existing
copy of the ASPR Public Access Plan Government. At the conclusion of this
Information Sharing and Analysis
will be posted on the phe.gov Web site: comment period a DHS will compile
Centers (ISACs)?
and address these comments to the
http://www.phe.gov/Preparedness/ • If a group of companies wants to
planning/science/Documents/ extent practicable in a document which
start an information sharing
AccessPlan.pdf. will be made broadly available and may
organization, what model should they
Procedures for Providing Public Input: result in further dialog via this forum or
follow? What are the best practices for
All comments must be received within other means.
1. Describe the overarching goal and such an organization?
30 days of the publication of notice. ISAOs may allow organizations to
Please submit comments to Lorian value proposition of Information
Sharing and Analysis Organizations robustly participate in DHS information
Smith via email lorian.smith@hhs.gov. sharing programs even if they do not fit
(ISAOs) for your organization.
Dated: May 15, 2015. 2. Identify and describe any into an existing critical infrastructure
Nicole Lurie, information protection policies that sector, seek to collaborate with other
Assistant Secretary for Preparedness and should be implemented by ISAOs to companies in different ways (regionally,
Response. ensure that they maintain the trust of for example), or lack sufficient resources
[FR Doc. 2015–12561 Filed 5–26–15; 8:45 am] participating organizations. to share directly with the government.
BILLING CODE 4150–28–P 3. Describe any capabilities that ISAOs may participate in existing DHS
should be demonstrated by ISAOs, cybersecurity information sharing
including capabilities related to programs and contribute to near-real-
DEPARTMENT OF HOMELAND receiving, analyzing, storing, and time sharing of cyber threat indicators.
SECURITY sharing information. Submitting Written Comments
4. Describe any potential attributes of
[Docket No. DHS–2015–0017] ISAOs that will constrain their You may also submit written
capability to best serve the information comments to the docket using any one
Notice of Request for Public Comment sharing requirements of member of the following methods:
Regarding Information Sharing and organizations. (1) Federal eRulemaking Portal:
Analysis Organizations 5. Identify and comment on proven http://www.regulations.gov. Although
mstockstill on DSK4VPTVN1PROD with NOTICES
AGENCY: Office of Cybersecurity and methods and models that can be comments are being submitted to the
Communications, National Protection emulated to assist in promoting Federal eRulemaking Portal, this is a
and Programs Directorate, Department formation of ISAOs and how the ISAO tool to provide transparency to the
of Homeland Security. ‘‘standards’’ body called for by E.O. general public, not because this is a
ACTION: Request for Public Comment. 13691 can leverage such methods and rulemaking action.
models in developing its guidance. (2) Email: ISAO@hq.dhs.gov. Include
SUMMARY: This Notice announces a 6. How can the U.S. government best the docket number in the subject line of
public comment period to allow input foster and encourage the organic the message.
VerDate Sep<11>2014 16:45 May 26, 2015 Jkt 235001 PO 00000 Frm 00053 Fmt 4703 Sfmt 4703 E:\FR\FM\27MYN1.SGM 27MYN1](https://thefederalregister.org/doc/80_FR_30359/page/1.svg)
![Federal Register / Vol. 80, No. 101 / Wednesday, May 27, 2015 / Notices 30259
(3) Fax: 703–235–4981, Attn: Michael clarify the information that may be fulfill its mandate to provide situational
A. Echols. collected about anchors, newscasters, or awareness and a common operating
(4) Mail: Michael A. Echols, Director, other on-scene reporters; (2) permit the picture for the entire Federal
JPMO–ISAO Coordinator, NPPD, collection of information about current Government, and for state, local, and
Department of Homeland Security, 245 and former public officials who are tribal governments as appropriate, and
Murray Lane, Mail Stop 0615, Arlington potential victims of incidents or to ensure that critical terrorism and
VA 20598–0615. activities related to Homeland Security; disaster-related information reaches
To avoid duplication, please use only (3) clarify the system classification government decision-makers. 6 U.S.C.
one of these four methods. All level; and (4) clarify the record source 321d(b). As a result of a biennial review
comments must either be submitted to categories. This updated system will of this system, DHS is updating this
the online docket on or before July 10, continue to be included in the SORN to (1) clarify that the fifth
2015, or reach the Docket Management Department of Homeland Security’s category of individuals may include any
Facility by that date. inventory of record systems. of the categories of records for anchors,
Authority: 6 U.S.C. 131–134; 6 CFR. 29; DATES: Submit comments on or before newscasters, or on-scene reporters; (2)
E.O. 13691. June 26, 2015. This updated system will expand the sixth category of individuals
Dated: May 13, 2015. be effective June 26, 2015. to include current and former public
Andy Ozment, ADDRESSES: You may submit comments, officials who are potential victims of
Assistant Secretary, Cybersecurity and identified by docket number DHS– incidents or activities related to
Communications, National Protection and 2015–0025 by one of the following Homeland Security; (3) limit the system
Programs Directorate, Department of methods: classification to Unclassified and For
Homeland Security. • Federal e-Rulemaking Portal: Official Use Only; and (4) update the
[FR Doc. 2015–12691 Filed 5–26–15; 8:45 am] http://www.regulations.gov. Follow the record source categories to clarify that
BILLING CODE 9110–9P–P instructions for submitting comments. all records within this system are
• Fax: (202) 343–4010. collected from publicly available social
• Mail: Karen L. Neuman, Chief media Web sites.
DEPARTMENT OF HOMELAND Privacy Officer, Privacy Office, As described in the DHS/OPS/PIA–
SECURITY Department of Homeland Security, 004 Publicly Available Social Media
Washington, DC 20528. Monitoring and Situational Awareness
Office of the Secretary Instructions: All submissions received Initiative Privacy Impact Assessment
[Docket No. DHS–2015–0025] must include the agency name and and associated updates (which are
docket number for this rulemaking. All available on the DHS Privacy Office
Privacy Act of 1974; Department of comments received will be posted Web site at http://www.dhs.gov/
Homeland Security Office of without change to http:// privacy), the NOC monitors publicly
Operations Coordination and www.regulations.gov, including any available online forums, blogs, public
Planning–004 Publicly Available Social personal information provided. Web sites, and message boards. Through
Media Monitoring and Situational Docket: For access to the docket to the use of publicly available search
Awareness Initiative System of read background documents or engines and content aggregators, the
Records comments received, please visit http:// NOC monitors activities on social media
AGENCY: Privacy Office, Department of www.regulations.gov. for information it can use to provide
Homeland Security. FOR FURTHER INFORMATION CONTACT: For situational awareness and establish a
ACTION: Notice of an updated Privacy general questions, please contact: common operating picture. The NOC
Act system of records. Michael Page, (202) 357–7626, Privacy gathers, stores, analyzes, and
Point of Contact, Office of Operations disseminates relevant and appropriate
SUMMARY: In accordance with the Coordination and Planning, Department de-identified information to federal,
Privacy Act of 1974, the Department of of Homeland Security, Washington, DC state, local, and foreign governments,
Homeland Security proposes to update 20528. For privacy questions, please and private sector partners authorized to
and reissue a current Department of contact: Karen L. Neuman, (202) 343– receive situational awareness and a
Homeland Security system of records 1717, Chief Privacy Officer, Privacy common operating picture. Under this
titled, ‘‘Department of Homeland Office, Department of Homeland initiative, OPS generally does not: (1)
Security/Office of Operations Security, Washington, DC 20528. Actively seek personally identifiable
Coordination and Planning–004 SUPPLEMENTARY INFORMATION: information (PII); (2) post any
Publicly Available Social Media information; (3) actively seek to connect
Monitoring and Situational Awareness I. Background with other internal/external personal
Initiative System of Records.’’ The In accordance with the Privacy Act of users; (4) accept other internal/external
Office of Operations Coordination and 1974, 5 U.S.C. 552a, the Department of personal users’ invitations to connect; or
Planning National Operations Center Homeland Security (DHS) Office of (5) interact on social media sites.
created the Publicly Available Social Operations Coordination and Planning However, OPS is permitted to establish
Media Monitoring and Situational (OPS) proposes to update and reissue a user names and passwords to form
Awareness Initiative to assist the current DHS system of records titled, profiles and follow relevant
Department of Homeland Security ‘‘DHS/OPS–004 Publicly Available government, media, and subject matter
mstockstill on DSK4VPTVN1PROD with NOTICES
(DHS) and its Components involved in Social Media Monitoring and experts on social media sites in order to
fulfilling DHS’s statutory responsibility Situational Awareness Initiative System use search tools under established
to provide situational awareness. As a of Records.’’ criteria and search terms for monitoring
result of a biennial review of this The DHS/OPS–004 Publicly Available that supports providing situational
system, the Department of Homeland Social Media Monitoring and awareness and establishing a common
Security/Office of Operations Situational Awareness Initiative System operating picture. Furthermore, PII on
Coordination and Planning is updating of Records allows the DHS/OPS the following categories of individuals
this system of records notice to (1) National Operations Center (NOC) to may be collected when it lends
VerDate Sep<11>2014 16:45 May 26, 2015 Jkt 235001 PO 00000 Frm 00054 Fmt 4703 Sfmt 4703 E:\FR\FM\27MYN1.SGM 27MYN1](https://thefederalregister.org/doc/80_FR_30359/page/2.svg)
Document Created: 2015-12-15 15:35:47
Document Modified: 2015-12-15 15:35:47
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Notices | |
| Action | Request for Public Comment. | |
| Dates | The comment period will be held until July 10, 2015. See | |
| FR Citation | 80 FR 30258 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR