FBI Director Comey delivered a keynote speech at the annual International Conference on Cyber Security this past Wednesday at Fordham University. In his speech, Director Comey discussed a number of organizational changes over the past few years to better investigate cyber crimes. Director Comey also discussed the hack against Sony Pictures Entertainment and identified North Korea as the responsible bad actor. Director Comey used the Sony hack investigation as a good example of what can be uncovered when the private and public sector work together.
His speech on Wednesday is consistent with his speech in February of last year at the RSA Cyber Security Conference, where he stated that the FBI’s private sector partners are the “primary victims of the evolving cyber threat,” but they are also the “key to defeating it.” Reflecting on his time as a general counsel in the private sector, Director Comey expressed his understanding of the private sector’s frustration on how opaque government cyber investigations can be and the need for clarity on what information the private sector needs to share and what will happen to the information that is shared. To Director Comey, the Sony hack incident is yet another example of why it is important “to get better at cooperating with our private sector partners.”
Notably, there presently are no clear liability protections against antitrust prosecution, private antitrust litigation, and state and federal enforcement in the case of private sector coordination related to cyber threat information sharing. The Department of Justice and the Federal Trade Commission issued a statement in April of 2014 that offers guidance on how they analyze cyber threat information sharing. They assert that they “do not believe that antitrust is – or should be – a roadblock to legitimate cyber security information sharing.” However, their statement is only guidance, not law.
Last year, the House passed the Cyber Intelligence Sharing and Protection Act (“CISPA”), which arguably would provide the private sector with protection from liability when sharing certain cyber information with the government. The bill was stalled in the Senate due to privacy concerns. However, Representative Dutch Ruppersberger, a senior Democrat from Maryland, reintroduced the cybersecurity bill in the House on Thursday, January 8th.