Mark Clancy, DTCC Chief Information Security Officer, joined CEOs from top technology, financial services, utility, health care and cybersecurity companies, as well as representatives from government and law enforcement agencies, at the White House Summit on Cybersecurity and Consumer Protection at Stanford University.
During the event, President Obama unveiled his new Executive Order on improving information sharing between government and the private sector.
“This was a clear effort to move the dial forward on cybersecurity and highlight the growing ecosystem of information sharing and collaborative cybersecurity initiatives taking place across the private and public sectors,” Clancy said. “As our nation’s policymakers consider much-needed cybersecurity legislation, it’s essential that this type of discussion continue to ensure that lessons learned from private sector cybersecurity partnerships are effectively incorporated into new federal policy.”
The event took place amidst a renewed push by federal lawmakers to improve U.S. cybsersecurity capabilities, a debate in which DTCC continues to be actively engaged and whose expertise on information sharing to combat cyber threats has found a receptive audience on Capitol Hill.
DTCC’s recent launch of Soltra, the new cyber threat information sharing platform, as well as the industry’s experience in pre-existing information sharing and analysis mechanisms like the Financial Services Information Sharing and Analysis Center (FS-ISAC), have proved to be timely examples of effective sector-led cybersecurity initiatives. The FS-ISAC – DTCC’s partner in the formation of Soltra – is viewed as one of the premier examples of a public-private partnership in the cybersecurity space.
The innovative approach by entities like the FS-ISAC and Soltra to share cyber threats and to encourage a collaborative environment has been considered a success amongst key decision makers in the Executive Branch and in Congress.
“The financial industry as a whole realized fairly early on that cybersecurity should be a non-competitive area, and as a result we’ve been at the forefront of innovative and collaborative partnerships in cyberspace,” said Clancy, who also serves as CEO of Soltra. “These partnerships have proven effective, helping organizations to bolster their cyber defense by leveraging the capabilities and experience of a broader community while also improving the collective response to the fast-evolving universe of cyber threats. We have a positive story to tell and it’s important that we continue to share that story in Washington.”
Cybersecurity Legislation on the Horizon
The White House summit marked the latest in a series of high-profile efforts by the Obama Administration to affect broad legislation to bolster cybersecurity across the U.S. government and private industry. In January, 2015, the President rolled out a series of legislative proposals, including a measure designed to increase the ability of law enforcement to criminalize hacking; a bill designed to protect student data; and legislation providing limited liability protection for cyber threat information sharing between government and the private sector.
The President’s recently announced Executive Order seeks to build on these proposals by encouraging, among other things, the formation of information sharing and analysis organizations (ISAOs) operated under standards developed by the Department of Homeland Security (DHS). The ISAOs will be similar in design and purpose to the Information Sharing and Analysis Centers operated by U.S. critical infrastructure sectors, such as FS-ISAC.
Meanwhile, a myriad of legislative proposals are under development in the new Congress, where the growing chorus of demands for improved information sharing has Washington focused squarely on this element of the debate. On March 2, a coalition of more than 20 of the country’s most prominent corporations sent a letter, co-signed by DTCC, to House and Senate leadership urging immediate legislative action on cybersecurity.
“There is an urgent need for action to help bolster our country’s cybersecurity defenses,” states the letter, which was co-signed by organizations including Lockheed Martin, Microsoft and AIG, among others. “Government leaders, industry and cybersecurity experts all agree that neither the government nor industry can solve this problem alone. Rather, a collaborative approach is required to facilitate the real-time identification, detection and mitigation of emerging cyber threats.”
There is no shortage of lawmakers willing to take up the cybersecurity mantle. In particular, DTCC and the financial industry continue to closely monitor developments in the Senate Intelligence Committee, where Chairman Richard Burr (R-NC) and Ranking Member Diane Feinstein (D-CA) have already circulated a revamped draft of the Cybersecurity Information Sharing Act (CISA), which came close to passing in the last Congress. The legislation offers expanded liability protection across a broader spectrum of industry-government relationships for organizations participating in information sharing mechanisms and has won praise from many in private industry, including the financial sector.
Meanwhile, leadership on both the House and Senate Homeland Security Committees are considering legislation more closely aligned with the proposals of the President, which places DHS at the center of the collection and diffusion of new information sharing initiatives.
Though it remains unclear exactly which path cybersecurity legislation will take, movement is expected in the coming months.