Skip Links

White House takes small step toward sharing cyberattack data

National Strategy for Information Sharing and Safeguarding to begin the process of government entities setting up data-sharing mechanisms

By Antone Gonsalves, CSO
December 21, 2012 07:56 AM ET

CSO - The White House has issued a framework for government departments and agencies to follow in sharing information, including data that would help bolster defenses against state-sponsored hackers and other criminals.

Cybersecurity bill fails in Senate

The National Strategy for Information Sharing and Safeguarding is seen as a small step, albeit an important one, as lawmakers struggle with much broader regulations governing data sharing between government and private industry.

Congress failed this year in passing legislation that would have required utilities and others responsible for the nation's critical infrastructure, such as the power grid and water filtration systems, to share information with federal officials.

While lawmakers are expected to revisit the issue next year, the guidelines released Wednesday will begin the process of government entities setting up data-sharing mechanisms. While the document doesn't specifically address cyber-attack data, it would be included in the government's efforts.

"This is a good first step," said Murray Jennex, a cybersecurity expert and associate professor at San Diego State University. "Other agencies will open up to the NSA and the FBI and such, sharing what has happened to them, where before maybe they wouldn't.

"And it does free up the FBI to pass on information to other agencies," he said.

Where data sharing within the government would likely fall short is with the Department of Defense and the National Security Agency (NSA). Those departments can list information as classified, making it shareable only with authorized people. Therefore, a much more detailed order would be needed to set guidelines on declassifying cyberattack data.

"Even though it says that government agencies should share, you're still not going to get, say, the Department of Defense sharing information about a cyberwar attack on them, even though the president says they should," Jennex says. "I don't think that will happen."

As an initial step, the White House report establishes in general terms the importance of data sharing. "Our national security depends on our ability to share the right information, with the right people, at the right time," the report says. "This information sharing mandate requires sustained and responsible collaboration between federal, state, local, tribal, territorial, private sector, and foreign partners."

The Obama administration views information as a "national asset" important for the security of the nation's infrastructure, as well as protecting classified information and intellectual property.

With a few exceptions, not much data sharing goes on between companies or with government. That's because companies fear they will be at a competitive disadvantage if the wrong data is shared. In addition, they are afraid of running afoul of legal requirements.

[See related: Volunteering falls short on threat information sharing]

To be effective, any data-sharing requirements from the government would have to include immunity from lawsuits for the information transferred, Jennex said.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News