Justice News

Remarks as Prepared for Delivery by Deputy Attorney General James M. Cole at the Pen and Pad Briefing on the Justice Department and Federal Trade Commission Joint Antitrust Policy Statement on Sharing of Cybersecurity Information
Washington, DC
United States
Thursday, April 10, 2014

Thank you all for coming this afternoon. Today, the Department of Justice and the Federal Trade Commission are announcing the joint issuance of a policy statement on the sharing of cybersecurity information. This policy makes clear that antitrust concerns are not raised when companies share with each other cyber threat-related information.

Information sharing is critical to improving the nation’s cybersecurity. This joint guidance is an important step in making clear that legitimate cyber threat sharing can help secure the nation’s networks and that it can occur without raising antitrust liability issues. Cyber threats are increasing in number and sophistication, and come from a variety of actors with diverse goals and methods. Indeed, the recent Target breach is just another reminder of how far-reaching the cyber threat has become.

Private parties play a key role in mitigating and responding to cyber threats. For this reason, I have been meeting with companies around the nation – literally, from Chicago, to San Francisco, to Cincinnati. The purpose of these meetings has been to provide companies with an opportunity to talk about their concerns and to obtain feedback regarding how the department has been performing in responding to  the needs of companies – and of course how we can improve. We have talked about the importance of sharing information among all relevant parties. This includes the need for companies to share with the government, the need for the government to share with companies, and the need for companies to share with each other.

Each of these is equally important:

  • Companies must recognize the need to share with the government, because it is through such sharing that the government is able to help companies most quickly and effectively address intrusions - and to help prevent future attacks.
  • We at the Department of Justice have also long-recognized the need for government to share information with the private sector. This is why, for example, the FBI created the InfraGard program. Membership in InfraGard allows companies to receive general information and alerts from the FBI as soon as that information is available.
  • And of course, the reason we are here today: we must encourage companies to rely on each other. To able to secure the nation’s networks of information and resources, members of the private sector must share information with each other.

Some companies have told us that concerns about antitrust liability has been a barrier to being able to openly share cyber threat information with each other. We have heard you. And speaking on behalf of everyone here today, this guidance responds to those concerns, lets everyone know that antitrust concerns should not get in the way of sharing cybersecurity information, and signals our continued commitment to expanding the sharing of cybersecurity information.

We speak often about the importance of information sharing. But today, we are taking a concrete step to help encourage it. And it is an important step. We look forward to a continuing dialogue with our private sector partners to further reduce barriers to information sharing.

I’d like to turn now to my good friend Rand Beers to say a few remarks before he turns to the Assistant Attorney General of the Antitrust Division and the Chairwoman of the Federal Trade Commission to provide some details about the guidance.

Updated September 17, 2014