ABA Seeks Greater Clarity for Information Sharing Under CISA

In a joint letter to the Department of Homeland Security and the Department of Justice today, ABA and other financial trade associations called for more guidance to help their member organizations expand or enhance the sharing of cyber threat information under the framework created by the Cybersecurity Information Sharing Act. Passed by Congress in 2015, CISA strengthened the ability of the public and private sectors to share critical cyber threat information without compromising customer privacy.

The associations urged DHS and DOJ to issue more detailed guidance to clarify the liability protections afforded under CISA; explain how the new framework aligns with existing information sharing programs; establish procedures for sharing classified information with cleared members of the private sector; explain how DHS will manage automated indicator sharing capabilities; and provide a definition for “personal information.”

The groups also expressed their desire to continue collaboration with the DHS, DOJ and Treasury on several specific areas, including classified cyber threat indicator sharing, the development of a framework for determining “defensive measures” and building strong analytics tools.