The IT Law Wiki


Information sharing is

[a]n exchange of data, information, and/or knowledge to manage risks or respond to incidents.[1]
[t]he sharing of cybersecurity threat information with others, such as indicators (system artifacts or observables associated with an attack); tactics, techniques, and procedures (TTPs); security alerts; threat intelligence reports; and recommended security tool configurations.[2]


The term "information sharing" gained popularity as a result of the 9/11 Commission Hearings and its report of the United States government's lack of response to information known about the planned terrorist attack on the New York City World Trade Center prior to the event. The resulting commission testimony led to the enactment of several executive orders by President Bush that mandated agencies implement policies to "share information" across organizational boundaries.

Information sharing is essentially a voluntary endeavor, whether in law enforcement, other areas of government, or the private sector. Certainly, policies may exist to exhort, promote, or "require" information sharing. These may be expressed informally; assumed to be necessary and understood; or set down formally in the form of a written policy, memorandum of understanding, or statute.

Still, sharing is founded upon trust between the information provider and the intelligence consumer. Such trust is most often fostered on an interpersonal basis; therefore, law enforcement task forces and other joint work endeavors succeed where colocated, interspersed personnel from different agencies and job types convene for a common purpose. In these instances, sharing can either flourish or falter due to changes in leadership, personality differences, and real or perceived issues.

Trust is fostered and may be further institutionalized by setting standards for participation in the information sharing process; thus, personnel vetting procedures are established that range from the most stringent — national security clearances for access to classified information through law enforcement agencies' employment background checks, including criminal history records and indices — to situational criteria that define an individual's "need to know."

The process of sharing and utilizing shared information can be viewed as having four main steps:

Legal impediments to sharing[]

There are at least seven legal impediments to information sharing:


See also[]

This page uses Creative Commons Licensed content from Wikipedia (view authors). Smallwikipedialogo.png