Mapping the Cybersecurity Information Sharing and Analysis Ecosystem at the Regional, State, Local, Tribal and Territorial (RSLTT) Government Level

Background and Intent


The Information Sharing and Analysis Organization Standards Organization (ISAO SO) is a non-governmental organization established on October 1, 2015.  Its mission is to improve the Nation’s cybersecurity posture by identifying standards and guidelines for robust and effective information sharing and analysis related to cybersecurity risks, incidents, and best practices. 


Over the course of the last year, and in response to Executive Order 13691, the ISAO SO developed four initial voluntary guidelines for established or emerging ISAOs.  Gaps not addressed in the original documents included the bi-directional relationships between ISAOs and State, Local,Tribal, and Territorial (SLTT) governments and Regional organizations (public and private), and identification of SLTT and Regional organization information sharing capabilities and needs.  Filling these gaps is critical because SLTT governments have unique capabilities and resources, and Regional organizations have unique missions and relationships that can be used to identify and respond to cybersecurity related events or incidents. 


The ISAO SO Government Relations Working Group has been charged to engage with SLTT governments and Regional organizations to evaluate the information sharing landscape.  The working group is made up of cybersecurity leaders from multiple sectors who are dedicated to addressing the specific needs of SLTTs, Regional organizations, and ISAOs.  The first task for the Government Relations Working Group is to identify the current capabilities, gaps, and needs of these entities as they relate to information sharing.  With the assistance of LMI, this working group has developed the following survey directed to SLTT government and Regional stakeholders, and cybersecurity leaders and managers.  Survey data will be used to develop a list of tools and resources and propose a voluntary list of actions and solutions that will ultimately meet the objective of government and private sector collaboration in the enabling, partnering and supporting ISAOs.  The Government Relations Group greatly appreciates your time and attention to addressing the cybersecurity needs of your state, local, tribal or territory.


This two-part survey is designed to identify current cybersecurity information sharing capabilities of regional and SLTT entities and gaps and information needs that may exist between SLTT government, the federal government, regional entities and ISAOs.


Part I of the survey is to be completed by members of RSLTT entities (governmental organizations).  Part II of the survey should be completed by members of associations, ISAOs, and ISACs (private sector organizations). Multiple respondents per organization are welcomed and encouraged to complete the survey.


                    8%

A regional association or organization is an alliance of stakeholders with a common interest spread across a geographic area.  Regional organizations can be comprised of members within a state, between states, between tribes, etc.  Different examples on the cybersecurity information sharing spectrum include DHS’ SLTTGCC, the Regional Consortium Coordinating Council (RC3), and The Cyber Resilience Institute.

[Image]