There is already a significant volume of cyber threat and vulnerability information shared, as well as numerous programs designed to assist the process. What we don’t need are new structures and new programs – government should look to improve on existing ones rather than attempt to reinvent the wheel.
Timeliness is key – push out more and better information earlier. Industry still feels like the government to private sharing is a one way street.
This effort must also acknowledge the reality of the post-Snowden world. US companies that operate in Europe, Asia, and elsewhere are still dealing with the lack of trust that came from those disclosures. Thus it is important that privacy be at the forefront of any new or expanded efforts, and they recognize the global nature of our business.
Info sharing is frequently cited as a way to improve cybersecurity across the ecosystem, but it is important to recognize it is just a part of a larger solution.
Increased speed and volume of sharing will help to limit the effectiveness of new and emerging threats.
Government has made info sharing a priority and we want to be sure it’s done in a way that actually leads to improvement.