How Security Laws Inhibit Information Sharing

 
 
By Karen A. Frenkel  |  Posted 05-10-2016 Email
 
 
 
 
 
 
 
 
 
  • Previous
    How Security Laws Inhibit Information Sharing
    Next

    How Security Laws Inhibit Information Sharing

    Although international companies would like to cooperate with information sharing, many are hampered by conflicting laws in the regions where they are located.
  • Previous
    Data Privacy Laws
    Next

    Data Privacy Laws

    Large, multinational corporations receive sizable amounts of threat data, but the mosaic of data and privacy protection laws within and across regions they operate in impede threat intelligence sharing -- even internally -- in a timely fashion.
  • Previous
    The European Union
    Next

    The European Union

    European Union members have stringent data privacy laws, but there is no consistency. Each has its own laws that sometimes slow, if not prevent, information flow. They can even hinder cyber-security.
  • Previous
    South America
    Next

    South America

    In contrast to the European Union, South America's data privacy laws are quickly gaining ground. Chile has perhaps the most rigorous laws affecting information sharing.
  • Previous
    Challenges Impede Compliance With ISAOs
    Next

    Challenges Impede Compliance With ISAOs

    The challenges posed by inconsistent data privacy laws within the European Union dog even experienced leaders working across national lines and create compliance and operational obstacles to ISAOs.
  • Previous
    National Security Laws
    Next

    National Security Laws

    Countries sometimes limit connectivity protocols so that their security services have easier access to information. These limitations would certainly deter information-sharing into, out of and within countries that have them.
  • Previous
    Russia and China
    Next

    Russia and China

    The number of attacks originating from Russia and China and the nature of their security services indicate that they impose connectivity protocol limitations.
  • Previous
    Aftermath of Terrorist Attacks
    Next

    Aftermath of Terrorist Attacks

    After the November 2015 terrorist attacks in Paris, there have been calls to limit encryption in the United States and other Western nations.
  • Previous
    Call for Vigilance of ISAO Members
    Next

    Call for Vigilance of ISAO Members

    "In the end, ISAOs desiring multinational members or information-sharing will need to be vigilant in determining whether the applicable encryption and protocol laws allow for sufficiently protected information flow," says the report.
  • Previous
    Potential Solutions
    Next

    Potential Solutions

    Multinationals could develop internal compliance programs, but that seems unlikely in the long run because compliance costs are high and there is a great need for expertise.
  • Previous
    Compliance Services
    Next

    Compliance Services

    Third-party vendors could provide compliance services to companies and ISAOs, a likely market solution given that they already have expertise and can spread the cost among many clients.
  • Previous
    Aggregators
    Next

    Aggregators

    Aggregators could establish their own in-house compliance programs and distribute information to individual or ISAO subscribers.
  • Previous
    International ISAOs
    Next

    International ISAOs

    Organizations could form international ISAOs. Given the compliance costs, market efficiencies would likely keep the number of these small and memberships large. Governments are collaborating through Computer Emergency Readiness Teams (CERFs), governments are collaborating, but they are not sufficient
 

A new report finds that although there is a need for actionable threat intelligence and information-sharing worldwide, significant obstacles exist because of data privacy and protection and national security laws. The result is a chilling effect on cross-border cooperation that must be addressed. In that spirit, the report, "Information Sharing and Analysis Organizations: Putting Theory into Practice," by Price Waterhouse Cooper, analyzes global legal hurdles to information-sharing and offers potential solutions. "Information-sharing will not achieve its potential if government agencies, companies and other stakeholders sit back and wait to see what happens," said PWC's David Burg, Global and U.S. Cyber Security Leader. That can happen if government agencies declassify as much cyber-threat information as possible and share it with the private sector, the private sector seeks ways to share its knowledge and commits the time and resources to do so, and if stakeholders help Sharing and Analysis Organizations (ISAOs) fulfill their mandate to offer the best ways to act on the Cyber Security Act of 2015. Here are highlights of the section of the report titled Sharing Threat Intelligence Across Borders.

 
 
 
 
 
Karen A. Frenkel writes about technology and innovation and lives in New York City.

 
 
 
 
 
 

Submit a Comment

Loading Comments...