Sharing Cyberthreat Info Won’t Bring Antitrust Risk, Feds Say

Competing businesses that share information about hackers and other virtual security threats will not be considered in violation of antitrust laws, the Justice Department and Federal Trade Commission confirmed in a joint statement. The agencies “do not believe that antitrust is – or should be – a roadblock to legitimate cybersecurity information sharing,” the policy guideline states.

Under the clarified rules, businesses will be able to swap information such as incident reports, the digital fingerprints that uniquely identify viruses and malware, and the IP addresses of an attacker, among other things. But competitive information such as pricing and products will still be off-limits. “Cyber threat information typically is very technical in nature and very different from the sharing of competitively sensitive information such as current or future prices and output or business plans,” the policy statement reads.

“Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems and help secure our nation’s infrastructure,” Assistant Attorney General Bill Baer, head of DOJ’s Antitrust Division, said.