Cybersecurity battleground – Status of cyber threat info sharing

The current status of cybersecurity threats and information sharing between the public, private and government sectors is improving. With that said, there is still much work that needs to be done.

Host Sean Kelley sat down with an esteemed panel to discuss. The guests include:

  • Wally Coggins, director of the IC Security Coordination Center within the Office of the Director of National Intelligence
  • Mo Bland, deputy chief of cybersecurity operations at NSA
  • Rex Booth, chief of cyber threat and risk analysis at the Cybersecurity and Infrastructure Security Agency
  • Allan Thomson, chief technology officer at LookingGlass

Both private and public partnerships are essential to counter those who are actively trying to penetrate networks. But how do we get the right information to the right people at the right time?

Transforming data into intelligence and making that information relevant to organizations is a real challenge. It’s not something that can be fixed easily or without a collective effort.

While there is a lot of noise coming from people who claim to have a mass of intelligence, they actually just have a lot of information, which isn’t the same thing. The key to having quality data is relevance.

Data overload is already upon us, and it’s something that is only going to continue to grow. Artificial intelligence and machine learning are two particularly exciting areas in the future for cybersecurity, and they will both enable a faster way through the murky clouds created by having too much data.

Partnerships between the private sector, federal civil service, Defense Department and the intelligence community at large can be leveraged to take the data that is gained and help to truly understand what the adversaries are doing, how they are doing it and the most effective ways to detect and mitigate those risks.

Overcoming challenges

How can we create a common language between analysts and the intelligence collectors?

The intelligence collectors need to understand the threats and the tools that the analysts in the cyber defense world use to protect their networks. A more defined focus on technology along with policy is what is needed. However, it will cost money and more importantly, it will take time.

Some of the considerations for the policy concern data privacy, data sharing, data handling and data storage. These could also differ based on region, state, country or continent. The end goal seems to be understood, but the challenges lead us to believe it is not something that will be resolved any time soon.

We first need to know what suspicious activities actually look like. Once risks have been defined, the data will need to be transformed into a set of indicators. This data will then be searchable on a network. One of the key challenges is figuring out which controls need to be in place in order to detect harmful activity quickly and more effectively.

The ultimate goal of cyber threat intelligence is to raise the cost of operations to the adversary.

The pool of active consumers that utilize cyber threat intelligence services is small. A larger subset of passive consumers gets access to this data through the use of various technologies, and could potentially be wiped out by an advanced attack. Reaching out to them is that last mile, and it’s going to be essential.

Persuading the private sector to bring forward data — which could have reputational or financial effects — or the government to share highly classified information will always be difficult. But as an industry, we must find middle ground, where we can more easily access the information that end users need to do their jobs effectively.