On February 16, the Department of Homeland Security (DHS) and Department of Justice (DOJ) released interim guidance on cyber threat information sharing. This is the first step in implementing an NMHC and NAA endorsed cybersecurity law that is critical to the apartment industry. The related law provides liability protection for multifamily firms and other companies from civil lawsuits and existing antitrust laws when they voluntarily exchange real-time information about potential cyber threats. Given the amount of personal information apartment firms collect, including Social Security numbers, driver’s license numbers and more as part of the leasing process, this issue is a high priority for the industry.
Of the four documents released, one is of particular note to the apartment industry. The document includes information to assist private companies, including apartment firms, on how to share cyber threat indicator information with the Federal Government. Specifically, there are several options for communicating cyber threats, including DHS' Automated Indicator Sharing (AIS) initiative. According to DHS, the goal of the initiative is to achieve real-time sharing of cyber threat indicators by enabling the department’s National Cybersecurity and Communications Integration Center to:
- Receive indicators from the private sector and other non-federal entities;
- Remove unnecessary personally identifiable information; and
- Disseminate the indicators, as appropriate, to other federal departments and agencies, and the private sector and other non-federal entities.
DHS Secretary Jeh Johnson invites companies to work with his agency to set up the technical infrastructure needed to share and receive cyber threat indicators in real-time. Additional information on options to communicate cyber threat indicators to the Federal Government can be found here.
The other three guidance documents released by DHS and DOJ set procedures for the Federal Government’s receipt and sharing of cyber threat indicators, as well as guidelines for addressing privacy and civil liberties.
- Congress Presses Forward on Consumer Data Privacy
- Data Security Letter to Senate Committee on Banking, Housing and Urban Affairs
- Equifax, Marriott Take the Stand as More Senate Committees Join the Data Privacy and Security Debate
- Congress Looks to Add New Cyber Disclosure Rules for Companies
- Consumer Privacy and Data Security Issues Front-and-Center for Congress