Both public- and private-sector entities fall victim to cyber criminals and other malicious actors each day. Sharing information about cyber threats is critical to preventing and combating these attacks.
Over the past several years, Congress and the courts have taken steps to clarify and promote information sharing. Last year, the Department of Justice and Federal Trade Commission provided guidance clarifying that private entities can share cyber-threat information without raising antitrust concerns -- helping pave the way for more timely cyber-threat information sharing. That was a helpful step, but there is more that can be done.
For our member companies, ensuring that information networks -- their own and those of their partners and customers -- are well protected and able to fend off cyber attacks is critical. The timely and appropriate sharing of information about cyber-security threats, vulnerabilities, lessons learned, and best practices is imperative to building a collaborative framework to defend networks against attacks. This can and should be done in a manner that respectful of privacy, as cyber-threat information sharing involves the sharing of technical information and rarely, if ever, involves the use of personal information.
To that end, BSA supports six key tenets policymakers should follow in order to usher in an era of effective cyber threat information sharing. These tenets include:
- Empowering private entities, through appropriately targeted legislation and policies, to voluntarily share information regarding cyber-threat indicators with other private entities or governments, domestically and internationally, by expressly limiting potential legal or regulatory consequences, both for sharing and receiving this information.
The House of Representatives has an opportunity this week to build upon this effort. We expect the House to consider the Protecting Cyber Networks Act (H.R. 1560) and the National Cybersecurity Protection Advancement Act of 2015 (H.R. 1731). Together these bills go a long way toward breaking down the legal barriers that currently discourage information sharing while ensuring that privacy is protected. We urge the House to send this legislation to the Senate so that it can to pass its own legislation and send a final product to the president for signature.