Information Sharing: If It's Such a Good Thing, Why Isn't Everyone Doing It?
Our national security relies on our ability to share the right information, with the right people, at the right time.
While the high-profile attacks against Target, e-Bay, Home Depot, Nieman Marcus, JPMorgan Chase, Sony Pictures Entertainment, Anthem, the IRS, and OPM have enhanced awareness of the depth and breadth of harm that organized cyber attacks can pose, they are only a very small number of the publicly disclosed attacks perpetrated against entities in the U.S. over the last two years. Indeed, credible sources tend to believe that “hundreds of thousands” of other entities likely suffered similar incidents during the same period, with one survey asserting that 43% of business firms in the U.S. had discovered a data breach between 2013 and 2014. According to the Congressional Research Service (CRS), the consensus view is that the cyber attacks of the last few years will be eclipsed by “more frequent and more sophisticated” cyber incidents going forward. What, then, can we do to slow, if not stop, this tide? One answer is to enable and increase information sharing about cyber incidents and successful defensive techniques between private-sector entities and the Federal government.