Cyber Threat Information Sharing
There is broad consensus that improved information sharing is critical to combating cyber threats. In the past five years, several bills have been introduced in Congress aimed at incentivizing information sharing by offering liability protection and access to government-furnished cyber threat information. But none of these efforts has advanced, largely due to disagreements over privacy, law enforcement access to information, and antitrust concerns that fractured support for legislation.
With varying degrees of success, the sector-specific Information Sharing and Analysis Centers (ISACs) and other private entities have implemented their own cyber information sharing programs. Executive branch agencies have also experimented with various models, such as the DIB Cyber Pilot and the DHS Enhanced Cybersecurity Services program.
Questions remain about how to overcome legal challenges posed by the Electronic Communications Privacy Act (ECPA), Freedom of Information Act (FOIA), and the antitrust laws; as well as structural issues, such as the role of government and mechanisms to ensure that the information shared is useful, timely, and adequately protected.
This project convenes key stakeholders from all the major industry sectors, civil society, and government to discuss the legal, structural, and technical challenges to information sharing. The project identifies lessons learned from prior information sharing efforts and develops practical recommendations for an effective cyber threat information-sharing model.
Session 1 (December 5, 2014)
Session 2 (January 7, 2015)
Session 3 (February 18, 2015)
This project is made possible with support from the American Bankers Association, Depository Trust & Clearing Corporation, Financial Services Information Sharing & Analysis Center, and Soltra.