{"id":1635,"date":"2018-05-18T16:25:31","date_gmt":"2018-05-18T16:25:31","guid":{"rendered":"http:\/\/www.blackopspartners.com\/?p=1635"},"modified":"2018-05-18T16:25:31","modified_gmt":"2018-05-18T16:25:31","slug":"sharing-classified-cyber-threat-information-with-the-private-sector","status":"publish","type":"post","link":"https:\/\/blackopspartners.com\/sharing-classified-cyber-threat-information-with-the-private-sector\/","title":{"rendered":"Sharing Classified Cyber Threat Information With the Private Sector"},"content":{"rendered":"
Critical infrastructure companies cannot protect themselves from adversarial nation-states without federal assistance. The U.S. government\u00a0should create a classified network to share information on cyber threats with private companies critical to the economy.<\/em><\/p>\n <\/p>\n The U.S. government and private industry have been stuck at an impasse concerning cybersecurity information sharing for over a decade. While the Barack Obama administration rolled out executive and legislative efforts to increase information sharing, many U.S. companies still argue that the federal government should do more to provide them with useful intelligence on cyber threats. But the U.S. intelligence community argues that greater declassification and sharing of information with private companies could put technical sources and methods at risk.<\/p>\n Fixes to this problem exist. The Department of Defense already provides a classified network for cleared defense contractors to receive intelligence on threats to their companies. Replicating this network for cyber threats has long been discussed as a way to share more information with the financial sector, electricity suppliers, and other private-sector entities critical to the U.S. economy<\/p>\n \n<\/section>\n Expanding this network requires increasing the number of cleared personnel and of facilities that can hold classified information, as well as changing intelligence collection priorities. These hurdles can be addressed by cooperative efforts between the public and private sectors. As a crucial first step, the U.S. government should begin the targeted collection of intelligence on cyber threats to critical infrastructure. To disseminate this information, the government should establish security standards different from those applicable to defense contractors to determine who may hold clearances.<\/p>\n <\/p>\n Information sharing has long been viewed as crucial to cybersecurity and as an area in which the government can play a significant role. If indicators of malicious activity are shared whenever and wherever they are detected, attackers will no longer be able to reuse the same methods against different targets.<\/p>\n The Obama administration and Congress worked together to eliminate perceived barriers to information sharing among private companies, for example through Department of Justice and Federal Trade Commission policies that addressed concerns that sharing information among competitors could violate antitrust law. Obama used executive orders to promote the creation of organizations<\/a> tasked with centralizing private-sector information-sharing efforts and establishing channels with the federal government. Finally, the Cybersecurity Act of 2015 provided liability protections for sharing cybersecurity information among private companies.<\/p>\nIntroduction<\/h2>\n
A System Built for a Bygone Era<\/b><\/h2>\n