Thursday, July 19, 2012

Legal, Regulatory Risks Keep Firms From Sharing Cyber Threat Data

From the article:  "More information sharing is needed between companies and government agencies in order to help fend off attacks from hacktivists, criminals, and nation-states that target computer networks in the United States, according to the Cyber Security Task Force: Public-Private Information Sharing report written by the Homeland Security Project at the non-profit Bipartisan Policy Center. …"The resolution of numerous legal impediments -- some real, some perceived -- is asserted by various stakeholders as a predicate to more robust cyber threat information sharing among private sector entities and between the private sector and the government," the report says. "Perceptions of such impediments have created a collective action problem in which companies hold threat and vulnerability information close, rather than sharing it with each other or the government. Information that should be shared includes, but is not limited to, malware threat signatures, known malicious IP addresses, and immediate cyber attack incident details." 

To resolve this dilemma, the report proposes offering some safe harbors for cyber security-related information sharing." Read more

See also
Bipartisan Policy Center Task Force Calls for Improved Information-Sharing, The Hill, July 19, 2012.