Basically, the Business Roundtable executives are saying they want to be able to more freely exchange real-time information on security threats across company boundaries and with the U.S. government, especially the Department of Homeland Security, if assurances about confidentiality can be made and legal qualms resolved.
That could mean some proposed changes need to be supported legislatively by Congress and the Administration. But in the context of it all, the Business Roundtable executives are also raising objections to the prospect of any legislation that would establish the type of risk-compliance regulatory structure of federal mandates, such as was envisioned in the Cybersecurity Act of 2012 that failed to pass through Congress last year.
The Business Roundtable explicitly views its information-sharing proposal of today as a "second approach" that they favor, and they say they see more of their ideas represented in the House of Representatives bill H.R. 3523, the Cyber Intelligence Sharing and Protection Act which amends the National Security Act of 1947 to enable national intelligence agencies to share strategic threat assessments and other information.
Gasster says currently there's only known to be a pilot project with the Defense Department and some defense-oriented companies to share critical threat information. There has also been for decades a forum where telcos have shared security-related information with government.
Whether the information-sharing proposal from the Business Roundtable will get any traction in Washington power circles remains to be seen, but Gasster says the significance of the report is that these 210 CEOs from Fortune 25 companies have unambiguously acknowledged the nature of cyberthreats and how they think information-sharing will be key to defending against them.
Sign up for CIO Asia eNewsletters.