Earlier today CCHS Director Frank Cilluffo and I published a commentary in The Conversation about the new Executive Order (EO 13691) on “Promoting Private Sector Cybersecurity Information Sharing”, issued by the White House earlier this month.
Some key points in our analysis:
US companies have historically been wary of openly talking about their cybersecurity efforts with competitors and with government — for good reason. Many businesses fear that sharing threat-related information could expose them to liability and litigation, undermine shareholder or consumer confidence, or introduce the potential for leaks of proprietary information. … Yet on the heels of a deluge of high-profile cyberattacks and breaches against numerous US companies, we may finally have reached a tipping point, where potential harm to reputation and revenue now outweighs the downside of disclosure from a corporate perspective.
…For example, a group of US companies (including McAfee and Symantec) are banding together to form a “Cyber Threat Alliance” which aims “to disperse threat intelligence on advanced adversaries across all member organizations to raise the overall level of situational awareness to better protect both the…organizations and their customers.” After all, it is companies themselves that usually have the greatest incentives to protect their own assets. Yet companies need to understand and respect the contours of what constitutes lawful defense and response, consistent with government’s rules of the road which, admittedly, are a work in progress, at best.
You can read the entire article at this link.