Andy Ozment on Information Sharing and Cybersecurity

February 10, 2016

Rebecca Blumenstein

Among other goals, the Cybersecurity Information Sharing Act aims to foster closer cooperation between government and the corporate sector. Under the act, passed in December and due to take effect soon, Washington will share information with businesses about cyberthreats and give companies protection from liability when sharing information with the government.

To get a picture of the changing landscape, The Wall Street Journal’s Rebecca Blumenstein spoke with Andy Ozment, assistant secretary, Office of Cybersecurity and Communications, in the Department of Homeland Security. Here are edited excerpts of the conversation.

MS. BLUMENSTEIN: Can you explain what the Cybersecurity Act is and why it’s significant?

MR. OZMENT: It took a while for policy makers to wrap their heads around information sharing. What do we even mean by that? The first thing to emphasize about this legislation is it’s about indicators, not incidents.

What’s an indicator? It’s a “be on the lookout.” Be on the lookout for this IP address, this phishing email, you name it. That’s what we’re talking about.

MS. BLUMENSTEIN: There’s also shared liability, right?

MR. OZMENT: The idea is liability protection for you. Why did you have liability in the first place? Most of the laws that would have given you liability here were intended as privacy laws for consumers. This bill says if you’re sharing this information for cybersecurity purposes, you’re protected against liability.

MS. BLUMENSTEIN: The private sector has been reluctant to work closely with the federal government. Do you think that this is going to be a tough sale?

MR. OZMENT: We’re making progress. I have to somewhat limit my selling of this because we have done this extremely rapidly.