Skip to content

Menu

LexBlog, Inc. logo
NetworkSub-MenuBrowse by SubjectBrowse by PublisherJoin the NetworkGet StartedSubscribeSupport
Contact Us
Search
Close

So, You Want to Share Your Technical Cyber Threat Information with Your Neighbors?

By Jonathan Lewis, Pamela Jones Harbour, Gerald J. Ferguson & Theodore J. Kobus III on April 21, 2014
Email this postTweet this postLike this postShare this post on LinkedIn

156412_ImageEchoing guidance previously given to a nonprofit organization looking to exchange certain cybersecurity information, including exchanging actual real-time cyber threat and attack information, and others planning to exchange information concerning remediating the Y2K problems, the Department of Justice (“DOJ”) and Federal Trade Commission (“FTC”) recently released a joint “Antitrust Policy Statement on Sharing of Cybersecurity Information” (“Statement”).

In his prepared remarks announcing the release of the Statement, Assistant Attorney General Bill Baer rightly stated:  “This is an antitrust no-brainer: Companies who engage in properly designed cyber threat information sharing will not run afoul of the antitrust laws. This means that as long as companies don’t discuss competitive information such as pricing and output when sharing cybersecurity information, they’re okay.”

So, what do you need to do if you want to share your technical cyber threat information with your neighbors?  According to the Statement, the first thing you need to do is make sure the information sharing arrangement is not “being used as a cover to fix prices, allocate markets, or otherwise limit competition.”  If it is, you have a big problem.   That said, you should be in the clear if the sharing arrangement is limited to technical cyber threat information, e.g., threat signatures and IP address or target ports of a Denial of Service attack.  “The sharing of this type of information” the Statement says, “is very different from the sharing of competitively sensitive information such as current or future prices and output or business plans which can raise antitrust concerns.”

As one of the nation’s largest and most comprehensive practices in the area of data privacy and information security, we partner with clients to mitigate reputational and financial risks.  If you have any questions regarding this topic, or our data privacy and information security practice more generally, please contact Gerald J. Ferguson, gferguson@bakerlaw.com or 212.589.4238, Theodore J. Kobus III, tkobus@bakerlaw.com or 212.271.1504, or Pamela Jones Harbour, pharbour@bakerlaw.com or 202.861.1558; or if you would like to learn more about our antitrust capabilities, please contact Ms. Jones Harbour or Jonathan L. Lewis, jllewis@bakerlaw.com or 202.861.1557.

Photo of Pamela Jones Harbour Pamela Jones Harbour
Email
Photo of Gerald J. Ferguson Gerald J. Ferguson

Gerald Ferguson currently serves as the Intellectual Property, Technology and Media Group Coordinator for the firm’s New York office. Mr. Ferguson also serves as the national leader of the firm’s Privacy and Information Security group. He has worked with companies to create national…

Gerald Ferguson currently serves as the Intellectual Property, Technology and Media Group Coordinator for the firm’s New York office. Mr. Ferguson also serves as the national leader of the firm’s Privacy and Information Security group. He has worked with companies to create national and global privacy policies. He has extensive experience advising companies regarding compliance with state breach notification laws. Mr. Ferguson is able to advise clients regarding notification obligations quickly and efficiently using a state-by-state survey of the 47 jurisdictions with breach notification laws that is regularly updated by Baker Hostetler’s Privacy and Information Security group. As part of his proactive approach to an incident response, he works with forensic consultants to develop the substantive opinions necessary to support a determination that disclosure of a breach is not required when possible. If disclosure is required, he uses a team approach to carefully manage the process in a cost-effective and efficient manner that focuses on minimizing reputational harm.

Mr. Ferguson is Chairman of the Intellectual Property Committee of the New York State Bar Association, International Law and Practice Section.

Read more about Gerald J. FergusonEmailGerald's Linkedin ProfileGerald's Twitter Profile
Show more Show less
Photo of Theodore J. Kobus III Theodore J. Kobus III

Ted Kobus stands at the forefront of cyber protection — no small role in an era defined by crippling data breaches and daily digital threats. He has earned authority in the areas of privacy, data security and cybersecurity, leading clients to entrust him…

Ted Kobus stands at the forefront of cyber protection — no small role in an era defined by crippling data breaches and daily digital threats. He has earned authority in the areas of privacy, data security and cybersecurity, leading clients to entrust him with more than 6,000 data breach responses. Businesses, government and other organizations turn to Ted for sound advice on compliance, developing response strategies, breaches implicating domestic and international laws, and defense of both class action litigation and regulatory actions. Notably, he has developed key relationships with the U.S. Department of Justice (DOJ), where he and his team have helped to establish protocols to protect corporate victims following a data breach. He knows the most proactive regulators involved in this space and interacts with them regularly.

Ted has led the defense to hundreds of regulatory investigations, including those brought by the Attorney General Multi-State, Department of Health and Human Services Office for Civil Rights, Departments of Insurance, SEC and FTC. In the healthcare space, Ted has defended more than 200 OCR investigations and has negotiated more privacy/security-related resolution agreements than any other lawyer.

Ted is consistently ranked in Chambers USA: America’s Leading Lawyers for Business, and he is one of only a handful of attorneys nationwide named an MVP by Law360 for Privacy and Consumer Protection. He is a regular contributor to BakerHostetler’s Data Counsel blog, and he frequently speaks at major industry events regarding data breach response, risk management and litigation issues affecting privacy. Ted has spoken at the National Association of Attorneys General on data security issues in a closed session, as well as the National Security Cyber Specialist’s Training Conference organized by the DOJ.

Ted is the firmwide chair of BakerHostetler’s Digital Assets and Data Management Group and a member of the firm’s Policy Committee.

Read more about Theodore J. Kobus IIIEmailTheodore's Linkedin ProfileTheodore's Twitter Profile
Show more Show less
  • Posted in:
    Antitrust, Competition and Trade
  • Blog:
    Antitrust Advocate
  • Organization:
    Baker & Hostetler LLP
  • Article: View Original Source

Call us at 1-800-913-0988 or email sales@lexblog.com.

Facebook LinkedIn Twitter RSS
  • About LexBlog
  • The Field We Built
  • Our Beliefs
  • Our Team
  • Contact LexBlog
  • Disclaimer
  • Editorial Policy
  • Terms of Service
  • Get Started
  • Publishing Solutions
  • Compass
  • Submit a Request
  • Support Center
  • System Status
Copyright © 2026, LexBlog, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo