Attacks on information technology systems by a wide range of adversaries – including hacktivists, criminals, and nation-states – continue to grow.
From October 2011 through February 2012, over 50,000 cyber attacks on private and government networks were reported to the Department of Homeland Security (DHS), with 86 of those attacks taking place on critical infrastructure networks. The incidents reported to DHS represent only a small fraction of cyber attacks carried out in the United States. The financial losses resulting from the theft of intellectual property and other sensitive information continue to increase dramatically, to say nothing of the loss of state secrets and damage to our national security.
Improvements in information sharing between the federal government and private sector about cyber threats and vulnerabilities show great promise for improving our cyber defenses and potential response measures. Public-private cyber information sharing can bolster and speed identification and detection of threats and will be critical to a coordinated response to a cyber incident. This type of information sharing can and must be done in a manner that protects privacy and civil liberties.
Despite general agreement that we need to do it, cyber information sharing is not meeting our needs today. The resolution of numerous legal impediments – some real, some perceived – is asserted by various stakeholders as a predicate to more robust cyber threat information sharing among private sector entities and between the private sector and the government. Perceptions of such impediments have created a collective action problem in which companies hold threat and vulnerability information close, rather than sharing it with each other or the government. Information that should be shared includes, but is not limited to, malware threat signatures, known malicious IP addresses, and immediate cyber attack incident details.