Blog Companies Can Share Cyber Threat Information AND Protect Privacy

Companies Can Share Cyber Threat Information AND Protect Privacy

The controversial Cyber Information Sharing Act (CISA) cleared a key hurdle in the Senate this week and is likely headed for a vote next week. This long-debated bill attempts to promote cyber information sharing by removing legal liabilities associated with sharing of cyber incident data. However, the majority of companies in the technology industry have recently come out strongly against CISA, because this bill does not do enough to protect user privacy.

Unfortunately, it appears that the debate around CISA has focused on the tradeoff between one risk — corporate legal liability — for another — individual user privacy.

While TruSTAR is supportive of all policy efforts that elevate the discussion around cyber information sharing, the current thrust of the political debate seems to miss the fact that information sharing can be done in a privacy-preserving way that does not increase the corporate risk profile.

The type of information that companies should share does not need to include any personally identifiable information (PII) from customers or users. The challenge has been in separating the data we need to share (attack indicators, tactics, and techniques) with the data we need to protect (PII) — and to do so quickly enough that the information shared is still relevant. TruSTAR is focused on using the latest advancements in extraction, authentication, and encryption to enable the rapid anonymous exchange of cyber incident information to manage corporate risk and preserve the privacy of customers.

While we applaud Congress for its efforts to support information sharing, we also acknowledge the issues raised by tech companies and privacy groups. Technology is rarely a panacea, but in this case, it can help address concerns on both sides and put the focus on the core issue we all agree on: enabling meaningful information sharing and collaboration around cyber incidents to help better protect our government, our companies, and all of our valuable personal data that they hold.

IBM & City of Los Angeles Select TruSTAR to Build Security Tool for Local Businesses On Tuesday, at the 2019 LA Cyber Lab Summit, The City of Los Angeles announced their business partnership with IBM Security and TruSTAR to help local ... Read More
Making Sense of Unstructured Intelligence Data Using NLP The push towards structuring threat intelligence data has gained new momentum with the proliferation of new intelligence sharing ontologies like ... Read More
TruSTAR’s Paul Kurtz Talks To Executive Director of IT-ISAC About the Benefits of Intelligence Fusion   In the past twenty years, companies have deployed more technology, processes, and people to defend its applications and systems than ever before… ... Read More
TruSTAR To Present Blockchain Research Tool At ShmooCon 2019 TruSTAR is headed to ShmooCon 2019! As a follow-on to our blockchain research debut at Black Hat and DEF CON 2018, TruSTAR will present a second ... Read More