from Net Politics and Digital and Cyberspace Policy Program

New Cyber Brief: Sharing Classified Cyber Threat Information With the Private Sector

Staff members sit at their work stations at the National Cybersecurity and Communications Integration Center in Arlington, Virginia on January 13, 2015. AFP/Getty Images/Saul Loeb

A new cyber brief argues the U.S. government should create a classified network to share information on cyber threats with private companies critical to the economy.

May 15, 2018

Staff members sit at their work stations at the National Cybersecurity and Communications Integration Center in Arlington, Virginia on January 13, 2015. AFP/Getty Images/Saul Loeb
Blog Post
Blog posts represent the views of CFR fellows and staff and not those of CFR, which takes no institutional positions.

More on:

United States

Cybersecurity

The Digital and Cyberspace Policy Program has launched a new Cyber Brief. This one makes the case for an information-sharing network that would allow the U.S. government to share classified cyber threat information with U.S. critical infrastructure. The brief was written by Robert K. Knake, Whitney Shepardson Senior Fellow and regular on Net Politics

Knake argues that the U.S. government and private industry have been stuck at an impasse concerning cybersecurity information sharing for over a decade. While the Barack Obama administration rolled out executive and legislative efforts to increase information sharing, many U.S. companies still argue that the federal government should do more to provide them with useful intelligence on cyber threats. But the U.S. intelligence community argues that greater declassification and sharing of information with private companies could put technical sources and methods at risk.

According to Knake, fixes to this problem exist. The Department of Defense already provides a classified network for cleared defense contractors to receive intelligence on threats to their companies. Replicating this network for cyber threats has long been discussed as a way to share more information with the financial sector, electricity suppliers, and other private-sector entities critical to the U.S. economy.

The brief argues that expanding this network requires increasing the number of cleared personnel and of facilities that can hold classified information, as well as changing intelligence collection priorities. These hurdles can be addressed by cooperative efforts between the public and private sectors. As a crucial first step, the U.S. government should begin the targeted collection of intelligence on cyber threats to critical infrastructure. To disseminate this information, the government should establish security standards different from those applicable to defense contractors to determine who may hold clearances.

You can find the full brief here.

More on:

United States

Cybersecurity

Creative Commons
Creative Commons: Some rights reserved.
Close
This work is licensed under Creative Commons Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0) License.
View License Detail
Close