Businesses should have no fear that sharing information on cybersecurity threats will trigger antitrust law violations, according to recent guidance from the Federal Trade Commission (FTC) and the U.S. Justice Department.
The two regulators last week released a policy statement making it clear that “properly designed” information sharing carries no risk and will ensure the security of the nation’s systems and resources.
“Private parties play a critical role in mitigating and responding to cyber threats, and this policy statement should encourage them to share cybersecurity information,” said Deputy Attorney General James M. Cole.
“Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems and help secure our nation’s infrastructure,” said Bill Baer, the assistant attorney general in charge of the DOJ’s antitrust division. “With proper safeguards in place, cyber threat information sharing can occur without posing competitive concerns.”
The statement emphasized that “legitimate sharing” of information regarding cyber threats differs from sharing competitive information such as pricing or business plans. Cyber threat information is usually technical and limited in nature, according to the DOJ and the FTC.
“Because of the FTC’s long experience promoting data security, we understand the serious threat posed by cyber attacks,” said Edith Ramirez, chairwoman of the FTC. “This statement should help private businesses by making it clear that antitrust laws do not stand in the way of legitimate sharing of cybersecurity threat information.”