To Prevent Cyberattacks, Share the Threat Data

[Commentary] There’s reason to worry for the safety of our infrastructure and the privacy of our personal data. In fact, while policy makers and pundits have focused on reforming US government surveillance, they have missed a growing privacy crisis: Cybercriminals are robbing us blind. Some hackers are engaged in state-sponsored espionage. But many other attacks are conducted by global crime rings. Operating on hidden parts of the Internet known as the dark Web, they sweep up and sell massive amounts of personal data, which is then used for nefarious purposes.

What can be done? Four years ago, Congress began considering legislation to encourage companies to share information—with one another and the government—about active threats in their networks. Experts heralded this step as essential, much like sharing data on a flu outbreak. But the effort stalled after Edward Snowden’s disclosures, because critics equated sharing cyberthreat data with aiding government surveillance. That was a red herring.

This legislation will not cure all of our cyber woes. But if it can encourage more entities to share data about cyberthreats and help prevent the theft of private information, it will be a victory for both privacy and security. With the hackers showing no sign of relenting, now is the time for the Senate to finish the job.

[Tannenbaum is cybersecurity counsel at IBM]