The Dark Side of International Cybersecurity Information Sharing

Earlier this week, I wrote a short blog suggesting the need for an international component to the cybersecurity information sharing proposals pending in the Senate.  In the interests of doing the idea fair justice, today's post is a short reference to the "dark side" of the problem -- namely that not all international actors are good partners for cyber threat and vulnerability information sharing.  As the New York Times reports today, the computer security firm, Symantec, is dissolving its alliance with the Chinese firm Huawei.  The reason, unsurprisingly, is that the connection between the two companies was seen by Symantec as a barrier to its own ambitions domestically.  Even in the absence of legislation, the Executive Branch is moving forward to expand the sharing of classified cyber threat information with domestic companies.  As the Times reports, "Symantec feared the alliance with the Chinese company would prevent it from obtaining United States government classified information about cyberthreats."  Huawei denies that it has an affiliation with the Chinese government, but it seems that China's widely-perceived espionage activity is starting to have practical effects. In any event, the episode does illuminate part of the problem of sharing classified threat information -- who do you trust?  That's a problem on the domestic side and will be an even greater challenge if the international aspects of cyber threat information sharing are considered.