The Digital and Cyberspace Policy Program has launched a new Cyber Brief. This one makes the case for an information-sharing network that would allow the U.S. government to share classified cyber threat information with U.S. critical infrastructure. The brief was written by Robert K. Knake, Whitney Shepardson Senior Fellow and regular on Net Politics.
Knake argues that the U.S. government and private industry have been stuck at an impasse concerning cybersecurity information sharing for over a decade. While the Barack Obama administration rolled out executive and legislative efforts to increase information sharing, many U.S. companies still argue that the federal government should do more to provide them with useful intelligence on cyber threats. But the U.S. intelligence community argues that greater declassification and sharing of information with private companies could put technical sources and methods at risk.
According to Knake, fixes to this problem exist. The Department of Defense already provides a classified network for cleared defense contractors to receive intelligence on threats to their companies. Replicating this network for cyber threats has long been discussed as a way to share more information with the financial sector, electricity suppliers, and other private-sector entities critical to the U.S. economy.
The brief argues that expanding this network requires increasing the number of cleared personnel and of facilities that can hold classified information, as well as changing intelligence collection priorities. These hurdles can be addressed by cooperative efforts between the public and private sectors. As a crucial first step, the U.S. government should begin the targeted collection of intelligence on cyber threats to critical infrastructure. To disseminate this information, the government should establish security standards different from those applicable to defense contractors to determine who may hold clearances.
You can find the full brief here.