Sharing cyber threat info not an antitrust violation, say FTC, Justice Dept.

By Erin Ayers on April 15, 2014

FTCpicBusinesses should have no fear that sharing information on cybersecurity threats will trigger antitrust law violations, according to recent guidance from the Federal Trade Commission (FTC) and the U.S. Justice Department.

The two regulators last week released a policy statement making it clear that “properly designed” information sharing carries no risk and will ensure the security of the nation’s systems and resources.

“Private parties play a critical role in mitigating and responding to cyber threats, and this policy statement should encourage them to share cybersecurity information,” said Deputy Attorney General James M. Cole.

“Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems and help secure our nation’s infrastructure,” said Bill Baer, the assistant attorney general in charge of the DOJ’s antitrust division. “With proper safeguards in place, cyber threat information sharing can occur without posing competitive concerns.”

The statement emphasized that “legitimate sharing” of information regarding cyber threats differs from sharing competitive information such as pricing or business plans. Cyber threat information is usually technical and limited in nature, according to the DOJ and the FTC.

“Because of the FTC’s long experience promoting data security, we understand the serious threat posed by cyber attacks,” said Edith Ramirez, chairwoman of the FTC. “This statement should help private businesses by making it clear that antitrust laws do not stand in the way of legitimate sharing of cybersecurity threat information.”

eayers@advisen.com'

Erin is an editor at Advisen. She has 15 years of journalism experience. Prior to Advisen, Erin covered property-casualty insurance for 13 years as editor-in-chief of The Standard, New England’s Insurance Weekly. Erin is based in Boston, Mass. Contact Erin at [email protected].