Coalition for Open Security brings new voice to info-sharing debate

Shutterstock image: symbiotic technology.

The Coalition for Open Security, a nascent industry-led group advocating greater sharing of cyber-threat information, was borne out of a terrifying presentation given by a federal chief information officer last October.

The presentation featured “data upon data upon data of bad actors, the impact they’ve had, and what we can anticipate in the future,” and it “scared everybody to death,” recalled Madeline Weiss, a private consultant and one of the coalition’s organizers.

The presenter was David Bray, the Federal Communications Commission’s CIO, and the forum was the Society for Information Management’s Advanced Practices Council, a group of senior IT executives representing 33 private and public organizations. Bray was not there in an official capacity, but his message sure resonated, according to Weiss. “APC members were totally fired up” after the presentation and walked away inspired to form the coalition, she said.

The group is driven by a belief that business executives and technology vendors are inherently distrustful of information-sharing initiatives led by government, and even by corporate giants. “Technology vendors such as Facebook and Google are beginning initiatives, but organizations remain wary of their motives and incentives,” says a background document prepared by the coalition.

Weiss, who is APC’s program director, lamented a corporate culture whose instinct, she said, is to conceal cyber vulnerabilities. “Today, companies, when they have a breach, they bury it as quickly as they can,” Weiss said. “Instead of sharing, the first thing they want to do is make sure it’s way below the radar.”

Even the Financial Services Information Sharing and Analysis Center, the financial sector’s information-sharing hub that is often touted as a success, is hamstrung by liability concerns, according to Weiss.

The new coalition has three initial objectives: create a forum for organizations to identify the best tools for information-sharing and cyber resiliency; create an anonymous database of cyberattack and breach information; and support federal legislation that offers liability protections for firms that share threat information. These goals are supported by all APC members, which include private-sector heavyweights such as Pfizer and BP, along with NASA’s Goddard Space Flight Center and DHS’s Federal Emergency Management Agency on the federal side.

The coalition will first focus on supporting information-sharing legislation that, in one form or another, has died in Congress in recent years. Backers of such a bill hope this is the year it will finally become law. The steady stream of high-profile breaches of large firms and federal agencies might help that cause, but privacy and civil liberties groups that say the bill amounts to expanded government surveillance are still putting up a fight.

On June 9, North Carolina Republican Richard Burr, chairman of the Senate Intelligence Committee, said he would try to attach the Cybersecurity Information Sharing Act as an amendment to the annual defense authorization bill. But Senate Democrats on June 11 blocked the cybersecurity measure, raising the possibility that it could be considered separately from the defense bill.

The coalition intends to infuse the debate over information-sharing legislation with a sense of urgency. Weiss said the group is preparing an email campaign that will urge lawmakers to pass an information-sharing bill, though she said the note will not refer to CISA in particular.

The coalition’s other objectives – creating a threat database and promoting tools for information sharing and resilience– will come easier once a bill is passed, Weiss said. But if recent history is anything to go by, getting an information-sharing bill done is far from a given. 

About the Author

Sean Lyngaas is a former FCW staff writer.


  • Defense
    Ryan D. McCarthy being sworn in as Army Secretary Oct. 10, 2019. (Photo credit: Sgt. Dana Clarke/U.S. Army)

    Army wants to spend nearly $1B on cloud, data by 2025

    Army Secretary Ryan McCarthy said lack of funding or a potential delay in the JEDI cloud bid "strikes to the heart of our concern."

  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.