The Obama administration is working to expand cyber information sharing through executive action, says Michael Daniel, White House Cybersecurity Coordinator. ()
Companies should not be concerned about violating antitrust laws when sharing cybersecurity information, according to a formal policy statement by the Federal Trade Commission and Justice Department.
In the absence of cybersecurity legislation with defined information sharing requirements, some companies have been hesitant to share data for fear of violating antitrust laws aimed at protecting competition.
Justice and the FTC made clear in an April 10 statement that they “do not believe that antitrust is — or should be — a roadblock to legitimate cybersecurity information sharing.”
Cyber threat information is generally technical data and very different from sharing competitively sensitive information, such as current or future prices and output or business plans, according to the policy statement. Today, companies and agencies are sharing signatures of known threats. The signatures provide unique identifiers for specific threats and better equip organizations to proactively prevent, detect and contain those attacks.
“Without effective information sharing, an attacker can send the same spear phishing message with the same malware to thousands of different targets, assuming that some will identify and stop the attack but most will not,” Rand Beers, White House deputy homeland security adviser, said in prepared remarks. “If companies are sharing information with each other, detection by one company can thwart the attack for many, creating the equivalent of herd immunity in cyberspace.”
Michael Daniel, White House cybersecurity coordinator, said in an April 10 blog post that the administration is working to expand cyber information sharing through executive action and by coordinating with Congress to update laws that would enhance sharing and preserve privacy and civil liberties.
“Companies should assess whether the remaining risks they perceive for engaging in legitimate information sharing are greater than those they face for failing to protect their customer data, their intellectual property, and their business operations from the growing cyber threats to them,” Daniel said.