Properly designed sharing of cyberthreat information is “not...
Properly designed sharing of cyberthreat information is “not likely to raise antitrust concerns,” said the FTC and Department of Justice Thursday in a policy statement. The policy statement does not change the two agencies’ existing analysis, which stems from an October 2000 review (http://1.usa.gov/1n8Zeef). “This statement should help private businesses by making it clear that antitrust laws do not stand in the way of legitimate sharing of cybersecurity threat information,” said FTC Chairwoman Edith Ramirez in a news release. The statement should also encourage the private sector to increase cybersecurity information sharing, said Assistant Attorney General Bill Baer, head of the Antitrust Division. “Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems and help secure our nation’s infrastructure,” he said during a news conference, according to a prepared version of the speech (http://1.usa.gov/1hEklQr). Cybersecurity information sharing is different from actions that may raise antitrust concerns at FTC and Justice, such as sharing business plans or future price information, the agencies said. The agencies typically examine information sharing agreements through the lens of the agreement’s overall effect on competition. Cyberthreat information sharing can improve efficiency and secure networks both inside and outside critical infrastructure, the agencies said. Since cyberthreat information is typically very technical and covers a “limited category of information,” it’s unlikely to increase participants’ ability or incentive to raise prices or otherwise harm competition, the agencies said. The cybersecurity executive order President Barack Obama signed last year was meant in part to facilitate increased information sharing between companies within critical infrastructure sectors and between the private sector and the government (CD Feb 14/13 p1). The White House “will continue to work with our partners in industry to encourage the development of a network of information sharing partnerships and to identify actions we can take to further reduce barriers to information sharing,” said White House Cybersecurity Coordinator Michael Daniel in a blog post (http://1.usa.gov/1jwKTaL). Congress “must also do its part and enact meaningful solutions to enhance cybersecurity,” Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., said in a statement Thursday. “Developing a comprehensive national cybersecurity strategy is one of the most serious and unmet needs confronting the nation today. Federal data privacy legislation to establish a single, national standard for data breach notification is an important component of cybersecurity legislation and is long overdue.” The House passed the Cyber Intelligence Sharing and Protection Act (HR-624) last year, but efforts to produce a similar bill in the Senate Intelligence Committee appear unlikely to succeed during the remainder of the 113th Congress (CD Jan 6 p2).