Getting Serious about Information Sharing for Cybersecurity
April 10, 2014
Our cybersecurity in large part depends on the strength of the weakest part of a network. So, it is critical that the private sector, federal, state and local governments, and communities work together to build up our cyber security. Today’s announcement by the Department of Justice and the Federal Trade Commission that they have issued guidance to clarify that cybersecurity information can be shared with competitors without violating antitrust law – long a perceived barrier to effective cybersecurity – is so important. These two agencies, together charged with enforcing our antitrust laws, have made clear today that they do not believe “that antitrust is – or should be – a roadblock to legitimate cybersecurity information sharing.”
We know sharing threat information is critical to effective cybersecurity. Indeed, reducing barriers to information sharing is a key element of this Administration’s strategy to improve the nation’s cybersecurity, and we are aggressively pursuing these efforts through both executive action and legislation. Today’s announcement makes clear that when companies identify a threat, they can share information on that threat with other companies and help thwart an attacker’s plans across an entire industry.
We know many companies are already sharing information on cyber threats with each other and with the government through programs that preserve the privacy of Americans, maintain appropriate constraints on government access to private information, and do not lead to anti-competitive practices.
For example, during the denial-of-service attacks that targeted the websites of many leading U.S. banks over the last few years, the Financial Services Information Sharing and Analysis Center brought these banks together to exchange information with each other and with the Federal government. That information helped companies manage the attacks.
Non-profit information sharing organizations such as Boston’s Advanced Cybersecurity Center, the Bay Area Security Council, and ChicagoFirst have shown value in building smaller trust networks across sectors in metropolitan areas. And many for-profit information sharing organizations are also stepping into the game.
We will continue to work with our partners in industry to encourage the development of a network of information sharing partnerships and to identify actions we can take to further reduce barriers to information sharing.