Accurate, Focused Research on Law, Technology and Knowledge Discovery Since 2002

FTC, DOJ Issue Antitrust Policy Statement on Sharing Cybersecurity Information

“The Federal Trade Commission and the Department of Justice today issued a policy statement on the sharing of cyber-security information that makes clear that properly designed cyber threat information sharing is not likely to raise antitrust concerns and can help secure the nation’s networks of information and resources. The policy statement provides the agencies’ analytical framework for information sharing among private entities and is designed to reduce uncertainty for those who want to share ways to prevent and combat cyberattacks. “Because of the FTC’s long experience promoting data security, we understand the serious threat posed by cyberattacks,” said FTC Chairwoman Ramirez. “This statement should help private businesses by making it clear that antitrust laws do not stand in the way of legitimate sharing of cybersecurity threat information.”  “The Department of Justice is committed to doing all it can to protect the security of our nation’s networks.  Through the FBI and the National Security and Criminal Divisions, the department plays a critical role in preventing and prosecuting cybercrime,” said Deputy Attorney General James M. Cole.  “Private parties play a critical role in mitigating and responding to cyber threats, and this policy statement should encourage them to share cybersecurity information.” “Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems and help secure our nation’s infrastructure,” said Assistant Attorney General Bill Baer in charge of the Department of Justice’s Antitrust Division. “With proper safeguards in place, cyber threat information sharing can occur without posing competitive concerns.”In the policy statement, the federal antitrust agencies recognize that the sharing of cyber threat information has the potential to improve the security, availability, integrity and efficiency of the nation’s information systems. The policy statement also emphasizes that the legitimate sharing of cyber threat information is very different from the sharing of competitively sensitive information such as current or future prices and output or business plans, which may raise antitrust concerns. Cyber threat information is typically technical in nature and covers a limited type of information, and disseminating that information appears unlikely to raise competitive concerns.”

Leave a reply