IBMer to Congress: Info Sharing is Key to Managing Cyber Risks

Share this post:

With national attention focused on high-profile cyber attacks, IBM’s top cybersecurity legal expert today spoke to members of Congress about the importance of sharing cyber threat information, and how legislation can be shaped to help promote that sharing.

Washington, D.C. – With high-profile cyber intrusions and data breaches captivating national attention, IBM’s top cyber security legal expert today spoke to members of Congress about the need to foster more sharing of cyber threat data among businesses and other organizations.

In testimony before the U.S. House of Representatives Permanent Select Committee on Intelligence, IBM Cybersecurity Counsel Andrew Tannenbaum explained that enterprises have adopted a “risk management” approach to cyber threats.

He noted that in years past, securing networks was a relatively contained matter. Today however, businesses can have millions of users accessing their systems and the volume of data that has to be secured is staggering, and growing by the second. “Companies know they cannot eliminate all cybersecurity risk, he said, “the threats are simply too diverse and dynamic.” Businesses therefore identify potential risks in their IT systems, prioritize them and allocate security resources accordingly.

Tannenbaum then pointed out that cybersecurity is a data analytics challenge, and that a critical element of any enterprise-level cybersecurity risk management program is the ability to rapidly receive and use actionable data about the latest cyber threats. With new threats evolving in near real-time, companies need to be able to share such data quickly to keep one another one step ahead of the hackers.

In urging members of Congress to pass information sharing legislation as quickly as possible, Tannenbaum detailed three elements that IBM views as vital to making a cybersecurity bill truly effective. These included:

  • Privacy Protection – any cybersecurity information sharing legislation must protect the privacy of individuals. Sharing should be limited to technical details organizations need to defend their systems.
  • Liability Protection – businesses will be reluctant to share threat information until federal law is updated to provide legal clarity and liability protection for companies who do so appropriately and in good faith.
  • Sharing “Rules of the Road” – companies need a single, civilian government agency with which to share cyber threat info, as well as reasonable flexibility to engage other agencies under specific and justifiable circumstances.

Tannenbaum stated IBM’s appreciation of the recent cybersecurity and information sharing initiatives launched by President Obama, while pointing out that bipartisan information sharing legislation remains vital to an effective cybersecurity strategy. IBM will, he said, continue working Congress and the Administration to secure passage of such a bill.
Download the testimony


Media Contact:

Adam R. Pratt
(202) 551-9625

More stories

A New Public-Private Partnership to Advance Cybersecurity in France

IBM today opened its new Security Operations Center (SOC) in Lille, France. The SOC offers security incident and response services to organisations that are at the heart of the French society and economy. Operating 24 hours a day, seven days a week, the security center team will monitor the latest security events, assess their potential impact […]

Continue reading

IBM Statement on Filing an Amicus Curiae Brief in the United States Supreme Court

IBM issued the following statement on filing an amicus curiae brief in the United States Supreme Court: “Changes in technology move faster than changes in the law, and when the law addresses new technology it must consider not only the immediate facts of the case at bar, but also the potential implications that a legal […]

Continue reading

IBM Letter to House Judiciary Committee on Anti-Sex Trafficking Bill

IBM today urged leadership of the House Judiciary Committee to align its anti-sex trafficking legislation with a parallel Senate bill.

Continue reading