Specific types of data should be exempted, according to Richard Bejtlich, a senior fellow at the Brookings Center for 21st Century Security and Intelligence. Any cyberthreat indicators, which is what Obama wants businesses to share, should not include personally identifiable information (PII) about individuals or that hint at PII, and should also exclude data stolen from U.S. citizens, he says in a Brookings opinion piece.
Private industry is the target of attacks that seek to steal information that is damaging either to national security attacks against defense contractors, for example - or to the economic viability of large corporations attacks designed to steal intellectual property from corporations with competitors in other countries. As such, businesses collectively hold vast and valuable intelligence about who is attacking whom and how they are doing it.
The argument the Obama administration makes is that blending this private intelligence with threat data gathered by U.S. spy and law-enforcement agencies can create a more complete picture of cyber espionage and cyber warfare.
Sign up for CIO Asia eNewsletters.