Agreements to share cyber information only work when they can effectively yield cost-savings and valuable threat intelligence without compromising an organization’s competitiveness, a cyber researcher said Monday.
Neil Robinson, a Rand Europe researcher, said Monday that success in sharing cyber threat information also depends on the publicity of the agreement, according to FierceGovernment IT.
Successful but highly-publicized information makes partnerships vulnerable since publicity could jeopardize trust and fact that the partnership is seen as a closed and trusted network, Robinson said.
Rand has identified the main incentives for companies to share threat-related information with government sponsorship to include cost saving, quality information and nondisclosure agreements, he said.
The firm examined European telecommunications firms who engaged in cyber sharing practices with the government acting as a neutral third party information sharing platform provider.
When firms gained insightful cyber intelligence, companies found partnerships useful since they were able to reduce cost induced by cybersecurity measures, Robinson said.
European firms also wanted nondisclosure agreements so that partners cannot make public information that would hurt their competitiveness or damage their reputation.
Companies do not want to participate if there is poor information available, if it will put their reputation at risk or if there is poor management involved, Robinson said.
In late April, the House passed a bill to create a system where private organizations can voluntarily provide national security agencies with cyber threat information in return for liability protection.