WASHINGTON – Sharing information between companies about threats to cybersecurity is not likely to raise antitrust concerns, the Justice Department and the Federal Trade Commission said Thursday.

In a new policy document that describes their stance, the regulators outlined ways in which the sharing of cyber-threat information differs from the sharing of competitive information, such as pricing data and business plans.

“Cyber threats are increasing in number and sophistication, and sharing information about these threats, such as incident reports, indicators and threat signatures, is something companies can do to protect their information systems,” said Bill Baer, an assistant attorney general in charge of Justice’s antitrust division.

The regulators previously issued guidelines on the sharing of information about cyber threats in October 2000 in a business review letter to the Electric Power Research Institute. The regulators have relied on that opinion ever since, but have only now turned it into a formal policy.

In February 2013, in the wake of an increasing number of cyberattacks and theft of consumers’ personal data, President Obama issued an executive order urging the use of the safe harbor and ensuring that privacy and civil liberties protections are in place. According to a recent study by Risk Based Security, there were more than 2,000 data security breaches in 2013.

Justice Department officials also emphasized that companies should inform the government about cyber threats. Deputy Attorney General James M. Cole called on Congress to enact new laws governing the reporting of cybersecurity issues, including a duty to inform federal agencies of such a threat.

“Companies must recognize the need to share with the government, because it is through such sharing that the government is able to help companies most quickly and effectively address intrusions and to help prevent future attacks,” Mr. Cole said.

Edith Ramirez, the chairwoman of the F.T.C., which shares jurisdiction over competition issues with the Justice Department, said the policy was designed to stem reluctance among companies to share information about the type and scope of cybersecurity threats.

“This statement should help private businesses,” Ms. Ramirez said, “by making it clear that antitrust laws do not stand in the way of legitimate sharing of cybersecurity threat information.”