Dive Brief:
- Several federal agencies face 180-day deadlines this week related to last year's Cybersecurity Information Sharing Act (CISA), which became law in late December.
- The Office of the Director of National Intelligence and the Office of Management and Budget are expected to deliver a report evaluating how cybercriminals could gain access to classified information by accessing or manipulating an unclassified system.
- The Department of Justice and the Department of Homeland Security, meanwhile, are expected to release guidelines on how federal agencies will protect privacy when sharing cyber threat data.
Dive Insight:
The Office of Personnel Management and the National Institute of Standards and Technology also face CISA-related deadlines this week.
The Cybersecurity Act of 2015 set up incentives for businesses to share threat information with each other and with government agencies and would eventually result in tools to protect both business and government networks.
CISA was the subject of passionate lobbying by privacy groups in late 2015. Companies such as Apple and Dropbox said CISA fails to protect users' privacy.
DOJ and DHS are also expected to deliver finalized policies on how companies can best share cyber threat data with the government this week. In March, DHS released an assessment proclaiming there were some significant privacy concerns to be worked out with the Automated Indicator Sharing initiative, the automated system intended to allow private companies to share cyberthreat indicators with the federal government. The system was intended to facilitate sharing without impacting privacy by stripping personally identifiable information (PII) out of the shared data.
CISA requires any personally-identifiable information that is shared through the program to be directly related to a cybersecurity threat. But the report found "residual privacy risk that these processes may not always identify and remove unrelated PII, thereby disseminating more PII than is directly related to the cybersecurity threat."
The automated information sharing initiative and its rules could eventually impact many businesses and add complexities when it comes to user privacy. Some say it essentially means that customers of a business will no longer be able to rely on their privacy policy. At this point, it is also unclear to what extent companies will be required to anonymize the information they share with other entities.