Share the post "Companies Told To Share Security Data In The US"
The Justice Department has issued new legal guidance to companies asking them to share cyber-security information with each other and the government, while also protecting the privacy of their customers.
The guidance has come in the backdrop of sharp increase in computer-based crime, which siphons billions of dollars from companies and individuals, and could pose major national security and economic harm.
According to Verizon, credit card and other private data belonging to hundreds of millions of consumers was compromised in a series of major retailer breaches in 2013. The company compiles an authoritative survey of cyber-security threats around the world.
The U.S. government’s effort to try to improve cyber-security is hampered by fears of the kind of widespread government surveillance revealed in leaks by former National Security Agency contractor Edward Snowden.
James Cole, deputy attorney general, said that the new guidance was issued because company executives have told him “they would like to work more with the government but want to do so without compromising consumer privacy.”
The legal guidance tells companies that they won’t violate federal communications law if they share aggregate data, which doesn’t divulge specific information on customers, when a cyber breach occurs.
“Many of the characteristics of cyber threats can be shared, if they do not pertain to any specific customers or subscribers,” the legal guidance says. “Similarly, characteristics of a computer virus or malicious cyber tool that do not divulge subscriber or customer-specific information could be shared.”
The paper also says a communications provider could tell a governmental entity about unusual surges or drops in certain types of Internet traffic “which could be harbingers of a serious cyber incident.”