Cybersecurity and Information Sharing: Legal Challenges and Solutions

"Over the course of the last year, a host of cyberattacks has been perpetrated on a number of high profile American companies. The high profile cyberattacks of 2014 and early 2015 appear to be indicative of a broader trend: the frequency and ferocity of cyberattacks are increasing, posing grave threats to the national interests of the United States. While considerable debate exists with regard to the best strategies for protecting America’s various cyber-systems and promoting cybersecurity, one point of general agreement amongst cyber-analysts is the perceived need for enhanced and timely exchange of cyber-threat intelligence both within the private sector and between the private sector and the government. Nonetheless, there are many reasons why entities may opt to not participate in a cyber-information sharing scheme, including the potential liability that could result from sharing internal cyber-threat information with other private companies or the government. More broadly, the legal issues surrounding cybersecurity information sharing— whether it be with regard to sharing between two private companies or the dissemination of cyber-intelligence within the federal government—are complex and have few certain resolutions. In this vein, this report examines the various legal issues that arise with respect to the sharing of cybersecurity intelligence, with a special focus on two distinct concepts: (1) sharing of cyberinformation within the government’s possession and (2) sharing of cyber-information within the possession of the private sector..."
Cybersecurity and information sharing