CyberLunch – Regulating Trust in Cyberspace: A Polycentric Model for Critical Cyber Information Sharing / Deborah Housen-Couriel
Information sharing for the mitigation of cyber risk is unexpectedly controversial. On the one hand, there is widespread agreement among both regulators and private sector companies that the exchange of cyber threat information within a vetted community of participants allows organizations to leverage collective knowledge, experience, and capabilities and to benefit from a more complete understanding of the cyber threat environment. On the other, there are many regulatory challenges to effectively implementing effective information sharing platforms, including lack of trust among participants, some of who may be market competitors; personnel training and other organizational costs; inconsistent quality of the information shared; and participants' exposure to substantive rights claims with respect to shared personal data or IP. The presentation will discuss selected legal and policy dilemmas in the context of cyber information sharing, using the financial services sector as a case study, and propose some directions for their resolution. (Presentation)
NIST, Guide to Cyber Threat Information Sharing, 2016.
CERT-IL Operating Principles (in Hebrew).
D. Housen-Couriel, Information Sharing for the Mitigation of Hostile Activity in Cyberspace, 2019.