Companies have sometimes been reluctant to share cyber threat information due to concerns over violating antitrust laws. Last Thursday, the Department of Justice (DOJ) and the Federal Trade Commission (FTC) addressed these concerns by issuing a joint policy statement affirming the legality of cybersecurity information sharing under the antitrust laws. The Agencies (DOJ and FTC) acknowledged that information sharing is critical to mitigating the severity and frequency of cyber attacks and therefore issued guidance.
SIIA applauds the Agencies’ commitment to protecting American enterprise and advocating for the necessary information sharing to combat the increasing number of cyber threats. This is an important step forward. Congress can add to it by passing legislation that would provide a safe harbor against the risk of frivolous lawsuits for companies that share cybersecurity threat information.
Deputy Attorney General James M. Cole in remarks at the Pen and Pad Briefing had this to say,
“Some companies have told us that concerns about antitrust liability has been a barrier to being able to openly share cyber threat information with each other. We have heard you. And speaking on behalf of everyone here today, this guidance responds to those concerns, lets everyone know that antitrust concerns should not get in the way of sharing cybersecurity information, and signals our continued commitment to expanding the sharing of cybersecurity information.”
The importance of sharing cyber threat information, in the interest of protecting and improving the safety of American networks cannot be overstated. This system of sharing as indicated by Cole has three parts:
- Companies sharing with government
- Government sharing with companies
- Companies sharing with each other
Assistant Attorney General Bill Baer reiterated,
“As we are well aware, cyber threats are increasing in number and sophistication, and sharing information about threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems and help secure our nation’s infrastructure. This kind of information sharing is good public policy. And the antitrust agencies support it.”
To read the Department of Justice/Federal Trade Commission “Antitrust Policy Statement on Sharing of Cybersecurity Information” please click here.
Sabrina Eyob is the Communications and Public Policy Intern at SIIA. She is a recent graduate of Michigan State University, where she studied Comparative Cultures and Politics, and International Relations.