How Security Laws Inhibit Information Sharing


Although international companies would like to cooperate with information sharing, many are hampered by conflicting laws in the regions where they are located.

Data Privacy Laws

Large multinational corporations receive sizable amounts of threat data, but the mosaic of data and privacy protection laws within and across the regions they operate in impedes timely threat intelligence sharing, even internally.

The European Union

European Union members have stringent data privacy laws, but there is no consistency. Each has its own laws that sometimes slow, if not prevent, information flow. They can even hinder cyber-security.

South America

In contrast to the European Union, South America’s data privacy laws are quickly gaining ground. Chile has perhaps the most rigorous laws affecting information sharing.

Challenges Impede Compliance With ISAOs

The challenges posed by inconsistent data privacy laws within the European Union dog even experienced leaders working across national lines and create compliance and operational obstacles to ISAOs.

National Security Laws

Countries sometimes limit connectivity protocols so that their security services have easier access to information. These limitations would certainly deter information-sharing into, out of and within countries that have them.

Russia and China

The number of attacks originating from Russia and China and the nature of their security services indicate that they impose connectivity protocol limitations.

Aftermath of Terrorist Attacks

After the November 2015 terrorist attacks in Paris, there have been calls to limit encryption in the United States and other Western nations.

Call for Vigilance of ISAO Members

“In the end, ISAOs desiring multinational members or information-sharing will need to be vigilant in determining whether the applicable encryption and protocol laws allow for sufficiently protected information flow,” says the report.

Potential Solutions

Multinationals could develop internal compliance programs, but that seems unlikely in the long run because compliance costs are high and there is a great need for expertise.

Compliance Services

Third-party vendors could provide compliance services to companies and ISAOs, a likely market solution given that they already have expertise and can spread the cost among many clients.

Aggregators

Aggregators could establish their own in-house compliance programs and distribute information to individual or ISAO subscribers.

International ISAOs

Organizations could form international ISAOs. Given the compliance costs, market efficiencies would likely keep the number of these small and memberships large. Governments are collaborating through Computer Emergency Readiness Teams (CERTs), but they are not sufficient.

Karen A. Frenkel
Karen A. Frenkel is a contributor to CIO Insight. She covers cybersecurity topics such as digital transformation, vulnerabilities, phishing, malware, and information governance.
