Despite a Congress that “is not passing many bills these days,” the White House has advanced an agenda to promote and facilitate information sharing on security threats and vulnerabilities, Ari Schwartz, senior director for cybersecurity, National Security Council, at the White House, told attendees SC Congress New York Tuesday.
Delivering the keynote address, “Knocking down the barriers to information sharing,” Schwartz noted that while motivations and the attackers differ — from criminal to nation-state operatives — they “all use the same tools.” And, organizations mostly don't care why or who as much as what and how.
“They just want them to stop,” he said. “They want to know what kind of practices they should put in place in terms of policy.”
By sharing information, companies and government agencies can more readily identify a threat or an attack and mitigate or thwart it long before significant damage is done. But coaxing private and public sector organizations to share information amongst themselves and with each other has proven difficult.
While private to private information-sharing is nothing new, Schwartz said, companies may still be hesitant to share information with competitors. Likewise, private companies have not wholly trusted government to protect information it receives from them, protect it and use it properly. A similar wariness has stymied the flow of threat information among some governments.
But improving government sharing of information with the private sector “is one we could make most progress on without new legislation,” said Schwartz. “We just needed to get more people cleared, get more information declassified and provide more unclassified information.”