IBM's (IBM) new cyberthreat data sharing project has attracted more than 1,000 companies in its first month, but the private sector effort doesn't reduce the need for new laws to encourage further sharing, IBM officials said.
IBM's X-Force Exchange lets participants anonymously share information about hacking attempts and access IBM's 20 years of accumulated data. Participants include 5 of the 10 largest global banks and six of the 10 largest retailers, IBM said. Both industries have been hard hit by hackers -- last year crooks stole data on 83 million accounts from JPMorgan Chase (JPM) and 56 million credit card accounts from Home Depot (HD).
Security experts have long advised companies to share data about hacking attacks so countermeasures can be developed more quickly. But antitrust, liability and privacy concerns have hampered those efforts even as Congress is considering legislation to create a safe harbor for some data sharing.
"We’re very optimistic that hopefully we’ll start to see some legislation, maybe even in the next few weeks, that will really start to remove the concern around the legal implications of sharing data," says Caleb Barlow, IBM vice president of strategy for Global Cybersecurity.
Some civil liberties groups oppose a Congressional proposal to allow companies to share personal information about customers with the National Security Agency. But a workable proposal could be crafted with strong privacy protections, Barlow says.
"Threat data can be shared without sharing private information and that is critical," he says.
Security experts see a compromise emerging from Washington that will separate private companies' direct data sharing from the NSA. "Ultimately, when a bill reaches the President's desk, it will not include the private sector sharing intrusion data directly with the National Security Agency," says Paul Kurtz, CEO of TruStar Technology and and a former top White House official on cyber security threats.
IBM's push into cyber security, bolstered by the acquisition of smaller firms like Trusteer and Lighthouse Security, is among CEO Ginni Rometty's efforts to revive growth at Big Blue. The company's revenue has declined for the past 12 quarters, though growth from the cyber security business, cloud hosting and other new areas Rometty is focusing on are finally starting to become significant.
The IBM CEO is meeting this week with 150 CEOs, board members and chief IT security officers to push the company's security services, Barlow says. Rometty aims to "really get into that dialogue of how do I maintain resiliency after an attack," he says.
IBM's threat exchange isn't the only private sector data sharing program. Major retailers including Target (TGT) and Walgreens (WGA) have joined forces in an initiative called the Retail Cyber Intelligence Sharing Center to share information about cyber threats amongst themselves and with government agencies.