Instead of mandating information sharing we should look at this issue as one of national security. For example, if there were a potential for pandemic, that information would first be thoroughly investigated by the CDC and others before being communicated to the broader public to prevent unnecessary panic. That’s a good thing. The challenge with information sharing is that it has the potential to create more noise,... more »
5. Sharing of Threat Intelligence
How can agencies and industry implement and sustain threat data sharing and create a robust, timely and systemic sharing environment (more than just incidents) that can allow agencies to operate collectively government-wide and with industry and in real time rather than independently with little peripheral view of threats and responses?
Endorse existing ideas by voting for them. YOU MUST BE LOGGED ON TO VOTE.
A collectively stronger cybersecurity ecosystem means better protection for consumers and businesses. Alliances between incident responders across various industries and organizations are forming today, to help prevent cyber-attacks and to help reduce their damage. Microsoft Interflow, using a distributed architecture, enables sharing of security and threat information within and between communities for a collectively... more »
There is already a significant volume of cyber threat and vulnerability information shared, as well as numerous programs designed to assist the process. What we don’t need are new structures and new programs – government should look to improve on existing ones rather than attempt to reinvent the wheel. Timeliness is key – push out more and better information earlier. Industry still feels like the government to private... more »
The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting,... more »
1. Find a way to establish a trusted repository where cyber first-responder insight can be shared without tipping off others about threats or vulnerabilities. 2. Standardize cybersecurity processes across government (reference different physical security procedures in place across civilian agencies). 3. Incentivize citizens and the private sector to support a strong cybersecurity posture. Build on the Cybersecurity... more »
Endorse and expand TAXI/STYX so that data breach reporting is more robust and shared widely but in meaningful ways. Embrace operations similar to that used by North American Network Operators Group that shares incidents across most of the major networks in the US – include a “neighborhood cyber watch” program where companies and citizens can report issues to a shared resource that then shares with appropriate authorities.... more »
Response to Question 5) How can agencies and industry implement and sustain threat data sharing and create a robust, timely and systemic sharing environment (more than just incidents) that allows agencies to operate collectively government-wide and with industry and in real time, rather than independently with little peripheral view of threats and responses.
Threat data sharing or cybersecurity-related information sharing is essential to the protection of the federal government, other critical infrastructure sectors, and to furthering cybersecurity for the Nation. The government needs to set the global standard on establishing an environment that facilitates threat data information sharing, it still operates in silos. Action must be taken to arm stakeholders with needed information... more »
(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force) How can agencies and industry implement and sustain threat data sharing and create a robust, timely and systemic sharing environment (more than just incidents) that can... more »
A multifaceted approach of building trust, having “skin in the game” (“AntiFragile” - Taleb), incentives and penalties for both industry and government. It has to be made in the best interest of both “parties” to share threat intelligence. This coupled with a multifaceted approach of incentives, disincentives, non attribution, etc. Then you increase the probability that sharing will occur. The incentives for government... more »