US Wants Companies to Share Cybersecurity Information with Each Other

The U.S. government is encouraging companies to share cybersecurity information with each other to avoid further massive data breaches that have affected retailers and other businesses. The government made it clear that doing such would not violate anti-trust laws.

In the past months, many big companies have suffered from data breaches that compromised data of their numerous customers and users. In November 2013, the retailing company Target suffered from a "sophisticated cyberattack operation" which compromised 110 million customer data in two weeks. These data were allegedly routed to a Russian server from a malware-infected point-of-sale (POS) terminal used on credit and debit card transactions.

Also recently, a flawed encryption tool called "Heartbleed" bug also exploited chunks of confidential data to hackers, leading many Internet companies to be on high alert against it. A report from a cybersecurity firm estimated that about 67 percent of active websites may have been affected.

These events prompted the U.S. government to push for cybersecurity information.

"Legitimate cyber threat sharing can help secure the nation's networks," said James Cole, an official at the U.S. Justice Department, to Reuters during a briefing on new guidance the agency issued along with the Federal Trade Commission.

However, many were uncertain to do it thinking that it is an anti-trust violation.

BIll Baer, the head of the U.S. Justice Department, was quick to explain that as long as companies won't discuss competitive details, like marketing strategies and pricing, when sharing cybersecurity information, companies won't be violating any antitrust laws.

U.S. President Barack Obama, in fact, signed an executive order last year, which would make it easier for companies to access data of the government about cyber threats, to show support of the effort.

The administration also introduced standards to aid companies in critical industries, in their defense against cyber attacks. However, it is not clear how the standards are being applied.