On February 16, the Department of Homeland Security (DHS) and Department of Justice (DOJ) released interim guidance on cyber threat information sharing. This is the first step in implementing an NMHC and NAA endorsed cybersecurity law that is critical to the apartment industry. The related law provides liability protection for multifamily firms and other companies from civil lawsuits and existing antitrust laws when they voluntarily exchange real-time information about potential cyber threats. Given the amount of personal information apartment firms collect, including Social Security numbers, driver’s license numbers and more as part of the leasing process, this issue is a high priority for the industry.
Of the four documents released, one is of particular note to the apartment industry. The document includes information to assist private companies, including apartment firms, on how to share cyber threat indicator information with the Federal Government. Specifically, there are several options for communicating cyber threats, including DHS' Automated Indicator Sharing (AIS) initiative. According to DHS, the goal of the initiative is to achieve real-time sharing of cyber threat indicators by enabling the department’s National Cybersecurity and Communications Integration Center to:
- Receive indicators from the private sector and other non-federal entities;
- Remove unnecessary personally identifiable information; and
- Disseminate the indicators, as appropriate, to other federal departments and agencies, and the private sector and other non-federal entities.
DHS Secretary Jeh Johnson invites companies to work with his agency to set up the technical infrastructure needed to share and receive cyber threat indicators in real-time. Additional information on options to communicate cyber threat indicators to the Federal Government can be found here.
The other three guidance documents released by DHS and DOJ set procedures for the Federal Government’s receipt and sharing of cyber threat indicators, as well as guidelines for addressing privacy and civil liberties.
- NMHC NAA Comments to FCC on Digital Discrimination
- NMHC NAA House Financial Services Data Privacy Letter
- NMHC NAA House Energy and Commerce Data Privacy Letter
- ‘We Need a Federal Standard’ – NMHC Reiterates Plea for Data Privacy Standard as FTC Explores New Rule
- FTC Commercial Surveillance and Data Security Comment Letter