The US Department of Justice and the Federal Trade Commission announced on Thursday that private companies can share information related to cybersecurity without breaking antitrust laws.
In a joint policy statement, the agencies acknowledged that if done properly, cyber threat information sharing “can help secure the nation’s networks of information and resources.”
Unlike competitively sensitive information such as prices or business plans, the agencies say that cyber threat information should not raise antirust concerns. According to the statement, cyberthreat information is usually “technical in nature and covers a limited type of information, and disseminating that information appears unlikely to raise competitive concerns.”
In a press conference on Thursday, the federal agencies pointed to the Target data breach as an example of how “far-reaching the cyber threat has become.”
“Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems and help secure our nation’s infrastructure,” Assistant Attorney General Bill Baer in charge of the Department of Justice’s Antitrust Division said. “With proper safeguards in place, cyber threat information sharing can occur without posing competitive concerns.”
Information sharing is critical for mitigating serious cyberthreats, and is a crucial aspect of the Obama administration’s cybersecurity framework. Released earlier this year, the cybersecurity framework is a voluntary program designed to help protect critical infrastructure from cyberattacks, and encourages information sharing between private and public sector entitites.