Instead of mandating information sharing we should look at this issue as one of national security. For example, if there were a potential for pandemic, that information would first be thoroughly investigated by the CDC and others before being communicated to the broader public to prevent unnecessary panic. That’s a good thing. The challenge with information sharing is that it has the potential to create more noise, weakening already weak signals and creating more tedious workflows. The promise of information sharing is, or at least should be, more useful/meaningful signals. There are many challenges in information sharing but maybe the primary challenge is efficacy of the source(s), and adequate context(s). Consider the efforts at DHS with ACD as an end-goal, but having that intelligence at each agency and location. Any CND personnel has the ability to query other locations to understand the prevalence of an IOC government wide. If they see something suspicious they can contact DHS, FBI or others for deeper investigation. DHS and FBI have capability to instantiate queries outbound for deeper attribution, and the ability to enrich the threat intelligence further. We need to raise the level of expertise across the board and the best way to do so may be to allow more transparency, enabling the CND staff to ask better more informative questions. In the end, we’re enriching and fortifying intelligence and scaling expertise along the way, near real-time.
Idea No. 156