IBMer to Congress: Info Sharing is Key to Managing Cyber Risks

Share this post:

With national attention focused on high-profile cyber attacks, IBM’s top cybersecurity legal expert today spoke to members of Congress about the importance of sharing cyber threat information, and how legislation can be shaped to help promote that sharing.

Washington, D.C. – With high-profile cyber intrusions and data breaches captivating national attention, IBM’s top cyber security legal expert today spoke to members of Congress about the need to foster more sharing of cyber threat data among businesses and other organizations.

In testimony before the U.S. House of Representatives Permanent Select Committee on Intelligence, IBM Cybersecurity Counsel Andrew Tannenbaum explained that enterprises have adopted a “risk management” approach to cyber threats.

He noted that in years past, securing networks was a relatively contained matter. Today however, businesses can have millions of users accessing their systems and the volume of data that has to be secured is staggering, and growing by the second. “Companies know they cannot eliminate all cybersecurity risk, he said, “the threats are simply too diverse and dynamic.” Businesses therefore identify potential risks in their IT systems, prioritize them and allocate security resources accordingly.

Tannenbaum then pointed out that cybersecurity is a data analytics challenge, and that a critical element of any enterprise-level cybersecurity risk management program is the ability to rapidly receive and use actionable data about the latest cyber threats. With new threats evolving in near real-time, companies need to be able to share such data quickly to keep one another one step ahead of the hackers.

In urging members of Congress to pass information sharing legislation as quickly as possible, Tannenbaum detailed three elements that IBM views as vital to making a cybersecurity bill truly effective. These included:

  • Privacy Protection – any cybersecurity information sharing legislation must protect the privacy of individuals. Sharing should be limited to technical details organizations need to defend their systems.
  • Liability Protection – businesses will be reluctant to share threat information until federal law is updated to provide legal clarity and liability protection for companies who do so appropriately and in good faith.
  • Sharing “Rules of the Road” – companies need a single, civilian government agency with which to share cyber threat info, as well as reasonable flexibility to engage other agencies under specific and justifiable circumstances.

Tannenbaum stated IBM’s appreciation of the recent cybersecurity and information sharing initiatives launched by President Obama, while pointing out that bipartisan information sharing legislation remains vital to an effective cybersecurity strategy. IBM will, he said, continue working Congress and the Administration to secure passage of such a bill.
Download the testimony


 

Media Contact:

Adam R. Pratt
(202) 551-9625
arpratt@us.ibm.com

More stories

Bias in AI: How we Build Fair AI Systems and Less-Biased Humans

Artificial intelligence (AI) offers enormous potential to transform our businesses, solve some of our toughest problems and inspire the world to a better future. But our AI systems are only as good as the data we put into them.

Continue reading

A New Public-Private Partnership to Advance Cybersecurity in France

IBM today opened its new Security Operations Center (SOC) in Lille, France. The SOC offers security incident and response services to organisations that are at the heart of the French society and economy. Operating 24 hours a day, seven days a week, the security center team will monitor the latest security events, assess their potential impact […]

Continue reading

Four decades. Nine jobs. One company. Meet Albert, IBM’s first-ever new collar employee.

Nearly 40 years before the first class of P-TECH students graduated high school with an associate’s degree and a pathway to a new collar career in tech (and before the term “new collar” was even coined), Albert Schneider was on his way to becoming the first new collar IBMer. Albert began working full time after […]

Continue reading