Organizations can share cyber-threat information with each another without having a fear of prosecution for violation of anti-trust laws as stated by two U.S. government agencies have announced. U.S. Department of Justice and the Federal Trade Commission said in a joint policy statement that such information is shared for the right reasons and also the agencies added, it is unlikely to raise anti-trust concerns.
|Image Source : Internet|
Assistant attorney general Bill Baer who is in charge of the Department of Justice’s anti-trust division, said in a press release that “Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems and help secure our nation’s infrastructure. With proper safeguards in place, cyber-threat information sharing can occur without posing competitive concerns.”
The policy statement lays out what types of information sharing between private entities is permissible. It also explains the difference between acceptable sharing of cyber-threat information and divulging of competitively sensitive data such as current or future prices and output or business plans. Agencies described cyber-threat information as technical in nature and limited in scope so that the dissemination of the information is unlikely to raise competitive concerns.
FTC chairwoman Edith Ramirez said that “Because of the FTC’s long experience promoting data security, we understand the serious threat posed by cyber-attacks. This statement should help private businesses by making it clear that antitrust laws do not stand in the way of legitimate sharing of cyber-security threat information.