This blog is not about people but organizations and the fallacy of not sharing information. I believe there are many people in industry willing to share information about ICS cyber incidents. However, in too many cases, they are not allowed to do so. The fact is that legal departments too often are afraid that somehow this will make them a target, or that this will be reflected in a lower stock price, or other irrational fears. These fears are irrational because properly done, disclosure should not cause these problems, but help prevent problems.