Information sharing between government agencies and corporations questioned
The sharing of information on threats and attacks between government agencies and companies in the private sector has been tried numerous times and in many different ways over the last decade, with varying degrees of success. The need for information flowing in both directions likely is more pressing than ever right now, with high-level attacks targeting critical infrastructure systems and utilities every day, but much of that data in the government realm remains classified and few enterprises are eager to reveal details, either. As the attacks continue, officials say there may be a need for a new mechanism to get the information flowing.
One of the main problems when it comes to information sharing programs is that the data on new threats and attacks needs to be shared as the attacks are happening, and that’s difficult to accomplish. In the middle of an attack, security teams and incident-response groups are concerned with stopping the attack, discovering what systems have been compromised and determining whether any data was stolen. Packaging up the information on what happened, even if it’s readily accessible, and making it available for others is typically a low priority.
Read more on ThreatPost
- Hopes for federal cybersecurity standards fading (pcadvisor.co.uk)
- White House orders spy agencies to share cyberthreat intel with companies (nbcnews.com)
- DOD Seeks Ways to Streamline Information Sharing (defense.gov)