I just got done reading the DTCC’s White Paper entitled Cyber Risk – A Global Systemic Threat (PDF). The white paper outlines seven recommendations for policymakers that they state will further an “aggressive agenda to combat cyber threats.” Four of the seven recommendations refer to information sharing between and among governments and businesses.
Information sharing is a fabulous idea, but is easier said than done. Everyone in my field of cybersecurity agrees that information sharing is a good thing. If you show me your signatures, then I’ll show you mine. If my NG firewall finds a new 0-day CryptoWall variant, then it would be helpful to share this with other companies so they don’t get hit by the same variant. Obviously, reciprocation of sharing is expected, or in actuality, hoped for with the myriad of SLAs and annual maintenance contracts organizations have with cloud-enabled security tools.