Information Discovery and Sharing in the Wake of the Executive Order on Cybersecurity

Anthony Di Bello

It’s the wake-up call CISOs, information assurance, and risk chiefs didn’t really need – but when the White House issues an executive order on “Improving Critical Infrastructure Cybersecurity,” it’s time to up our collective game. Most Fortune 500 companies and critical-infrastructure providers are already establishing and working to best practices in cyber defense and information security, but President Obama’s executive order is a call to a higher standard of readiness for cyber defense and information sharing among agencies and companies providing or servicing critical infrastructure.

We all know cybersecurity is vitally important. However, this order came about for the simple reason that the threat landscape is constantly changing and far too many organizations are far from a state of response readiness.

How Do You Share What You Can’t Find?

Currently, the most damaging attacks go undetected by traditional approaches to information security. So the toughest aspect of working with the new framework will be gathering the intelligence on threats as they’re occurring so that you can rapidly share that intelligence.

This is where EnCase Cybersecurity excels. It’s designed to respond the moment an attack is detected and to immediately capture threat-related artifacts for faster incident response. EnCase Cybersecurity can also be the engine that facilitates the sharing of highly detailed threat intelligence. That intelligence is collected on one end and sanitized per privacy clauses, then packaged in a file that another entity can easily ingest into its EnCase environment and immediately begin scanning against those indicators.

With Increased Sharing Comes Increased Oversight

After years of discussion at the federal level about the need for public/private partnership in this area, this executive order helps fill the current security gap by outlining a structure for information-sharing that will no doubt result in additional regulations. With the National Institute of Standards and Technology (NIST) developing the Cybersecurity Framework, we can expect that its disciplines and publications relating to incident response and forensics will roll up into this new, overarching framework.

One key takeaway of the order is that there will be a wealth of new types of information that can be the targets of a Freedom of Information Act (FOIA) request. Organizations providing or servicing critical infrastructure will need proven digital forensic and e-discovery technology to facilitate response to these requests and to prove compliance with the new regulations that result.

We all know from reading other recent headlines that privacy will remain of crucial importance even as agencies and organizations related to critical infrastructure begin preparing to share whatever data is required. This means that it will also be a requirement to ensure and prove that certain types of data have been protected from improper migration or disclosure as a normal part of collection and sharing.

Where to Start

As you know, our EnCase® eDiscovery software can help reduce the risk of collecting and sharing information for many legal circumstances, including legal matters and FOIA requests, while helping you prove chain of custody in a format that courts around the world now accept.

Now, with this critical call to action directly from the White House, your organization’s best first step may be to perform a Sensitive Data Discovery with EnCase® Cybersecurity. Being able to map all your sensitive data and prove that you have a rapid-response plan in place in case of cyber attack will help your organization prove that it’s a step ahead of most in meeting the U.S. government’s standard for cyber defense and information-sharing.
