On the heels of three major cybersecurity incidents over the past six months—the SolarWinds and Microsoft Exchange supply chain attacks and the Colonial Pipeline ransomware attack—government officials and some in the private sector are reviving calls for better information sharing and national breach notification requirements.
“We seem to talk endlessly about information-sharing,” Michael Daniel, president and CEO of the Cyber Threat Alliance, a nonprofit that enables cybersecurity providers to share threat intelligence, said during a presentation at the RSA Conference last week. “Virtually every cybersecurity panel study or review for the last half-century seems to have an information-sharing recommendation in it. No one is really against information sharing in theory. Yet, information sharing never seems to quite work.”