In an effort to get the best and brightest together to combat cyber risks, President Obama issued a Data Sharing Executive Order last month, which seeks a commitment and cooperation from the private sector to share information on cyber threats with one another and with the federal government in order to effectively combat hacking incidents in the future. The President indicated that increased cyber threats against the government and businesses requires a joint defense by federal and private security experts.
However, there is a real tension between the private sector and the government with information sharing due to the NSA’s surveillance activities and the lack of legislation giving companies liability protection for sharing information with the government. There is an obvious reticence to share information with the government for fear of enforcement and regulatory actions following a data breach.
Although it is logical to gather all relevant information and expertise together and share it widely to combat cyber threats, until the government can give the private sector assurances that it won’t clobber them after their cooperation of exposing vulnerabilities, businesses will continue to go it alone to develop robust security programs to manage liability risks.
The key to success is to allow all entities to share the most up to date vulnerabilities and the best security measures to combat them so there is a united effort to protect data. The government can implement such a program, but there has to be mutual trust and incentives in place before it will happen.