5. Sharing of Threat Intelligence

How can agencies and industry implement and sustain threat data sharing and create a robust, timely and systemic sharing environment (more than just incidents) that can allow agencies to operate collectively government-wide and with industry and in real time rather than independently with little peripheral view of threats and responses?

Endorse existing ideas by voting for them. YOU MUST BE LOGGED ON TO VOTE.

Question: 5. Sharing of Threat Intelligence

What does this mean in my environment and are you reliable?

Instead of mandating information sharing we should look at this issue as one of national security. For example, if there were a potential for pandemic, that information would first be thoroughly investigated by the CDC and others before being communicated to the broader public to prevent unnecessary panic. That’s a good thing. The challenge with information sharing is that it has the potential to create more noise, ...more »

Submitted by

Voting

1 vote
Public Input

Question: 5. Sharing of Threat Intelligence

Implement a security and threat information exchange platform

A collectively stronger cybersecurity ecosystem means better protection for consumers and businesses. Alliances between incident responders across various industries and organizations are forming today, to help prevent cyber-attacks and to help reduce their damage. Microsoft Interflow, using a distributed architecture, enables sharing of security and threat information within and between communities for a collectively ...more »

Submitted by

Voting

1 vote
Public Input

Question: 5. Sharing of Threat Intelligence

Unified Security Practice Manager

There is already a significant volume of cyber threat and vulnerability information shared, as well as numerous programs designed to assist the process. What we don’t need are new structures and new programs – government should look to improve on existing ones rather than attempt to reinvent the wheel. Timeliness is key – push out more and better information earlier. Industry still feels like the government to private ...more »

Submitted by

Voting

1 vote
Public Input

Question: 5. Sharing of Threat Intelligence

Open Platform, Standards-Based Approach to Sharing Threat Intel

The evolution of the cyber attacker’s techniques, skills and tools has far exceeded the pace of the cyber defender’s. Throughout the public and private sector, from federal agencies to health insurance providers, emerging threats continue to wreak havoc on enterprise networks, applications and data. Incident response teams must move faster, but the tools they’ve been given to do the job aren’t fast enough in detecting, ...more »

Submitted by

Voting

0 votes
Public Input

Question: 5. Sharing of Threat Intelligence

ACT-IAC Membership Meeting Ideas

1. Find a way to establish a trusted repository where cyber first-responder insight can be shared without tipping off others about threats or vulnerabilities. 2. Standardize cybersecurity processes across government (reference different physical security procedures in place across civilian agencies). 3. Incentivize citizens and the private sector to support a strong cybersecurity posture. Build on the Cybersecurity ...more »

Submitted by

Voting

1 vote
Public Input

Question: 5. Sharing of Threat Intelligence

Expand TAXI/STYX (SuperSIG)

Endorse and expand TAXI/STYX so that data breach reporting is more robust and shared widely but in meaningful ways. Embrace operations similar to that used by North American Network Operators Group that shares incidents across most of the major networks in the US – include a “neighborhood cyber watch” program where companies and citizens can report issues to a shared resource that then shares with appropriate authorities. ...more »

Submitted by

Voting

2 votes
Public Input

Question: 5. Sharing of Threat Intelligence

Sharing of threat Intelligence

Response to Question 5) How can agencies and industry implement and sustain threat data sharing and create a robust, timely and systemic sharing environment (more than just incidents) that allows agencies to operate collectively government-wide and with industry and in real time, rather than independently with little peripheral view of threats and responses.

Submitted by

Voting

1 vote
Public Input

Question: 5. Sharing of Threat Intelligence

Silos cripple information sharing--Mandate sharing

Threat data sharing or cybersecurity-related information sharing is essential to the protection of the federal government, other critical infrastructure sectors, and to furthering cybersecurity for the Nation. The government needs to set the global standard on establishing an environment that facilitates threat data information sharing, it still operates in silos. Action must be taken to arm stakeholders with needed information ...more »

Submitted by

Voting

1 vote
Public Input

Question: 5. Sharing of Threat Intelligence

Supported ITAPS recommendations

(Regular print are supported ITAPS recommendations in response to questions, flagged are expanded recommendations to more explicitly address questions, not directly addressed by ITAPS; participated in and collaborated with ITAPS OMB-OPM-NSC Task Force) How can agencies and industry implement and sustain threat data sharing and create a robust, timely and systemic sharing environment (more than just incidents) that can ...more »

Submitted by

Voting

1 vote
Public Input

Question: 5. Sharing of Threat Intelligence

"Skin in the Game”

A multifaceted approach of building trust, having “skin in the game” (“AntiFragile” - Taleb), incentives and penalties for both industry and government. It has to be made in the best interest of both “parties” to share threat intelligence. This coupled with a multifaceted approach of incentives, disincentives, non attribution, etc. Then you increase the probability that sharing will occur. The incentives for government ...more »

Submitted by

Voting

2 votes
Public Input