Government and the private sector both have built-in roadblocks to sharing cybersecurity information.
Most people would agree that the public and private sectors should collaborate for the sake of cybersecurity, but the sharing relationship doesn’t always go smoothly.
In the past, cybersecurity pros have spoken to Government Technology about the government’s reticence to share information because of concerns over privacy and classified data. It’s also not always in companies’ best interests to disclose vulnerabilities in their own products because doing so isn't good for sales.
In honor of the fact that October is Cybersecurity Awareness Month, we wanted to share a few tips on how to make the information sharing process easier for government. I caught up with Stuart McClure, founder and CEO of security company Cylance, at Black Hat 2013 to get his thoughts on how to increase the government’s trust in the process.
He had two main thoughts on the issue:
1. Be honest and straightforward in your information-sharing policy. “Each agency has to be able to share what data that they have when they get it with everyone at the table,” he said. But something should be put in place so that the data’s caretakers don't experience any negative consequences as a result. “We need to start seeing some experiential successes so that when they do share those that they aren’t burned by it.”
2. Think twice before labeling your data as “classified.” McClure feels that more than 90 percent of government information should be unclassified, and yet government chooses to classify it. “The restrictions for how information is shared is far too egregious,” he said. “They need to really revamp the systems around what to classify [and] how to classify it.”