In recent months, there have been widespread efforts among corporate entities, governments, and private individuals to improve the quality of cybersecurity. A popular theory holds that exchanging information, a level of sharing most agencies and corporate entities remain hesitant to commit to, is the key to successfully improving cybersecurity on a broad scale.
Why is information sharing so important?
A data network like that of the Department of Defense (DoD), for example, is interconnected on a global level and contains end-to-end capabilities for collecting, processing, storing, disseminating, and managing information in real time for warfighters, policymakers, and support personnel. The DoD's cybersecurity outlets have paid considerable attention to the establishment of cyber mission teams, along with the significance of cyber workforces throughout all levels of government. For all these units and divisions to do their jobs successfully, any threat information must be shared broadly and systematically.
The Department of Defense has demonstrated how important it is for cybersecurity programs to be both defensive and offensive when it comes to addressing cyberattacks and criminals. It is essential to know who proactive countermeasures must be implemented against, rather than blindly reacting to the latest advanced threats, which are increasing in number as network compromises become more insidious and harder to detect than ever before.
One of the lessons to be taken from the Office of Personnel Management security breach in 2015 was how long it can truly take to detect a threat. Astoundingly, the average lag time in these situations can be up to 205 days (with some cases reaching 250). New mobile vulnerabilities and malware variants are continually produced as a result of the interconnectedness of communications. This alone makes it nearly impossible for any agency to keep up with this pace on its own.
Going back to the DoD as our example, the organization is tasked with maintaining "freedom of action" in cyberspace while simultaneously denying that same freedom to its adversaries. Systems operators must conduct full-spectrum cyberspace operations such as computer network defense, attack, and exploitation. Cyberspace operations are informed by intelligence and threat indicators from traditional and advanced sensors, and by vulnerability information shared from both DoD and non-DoD sources. The DoD uses an array of systems for gathering threat information, such as host-based security systems and web content filters. It also uses tools such as SharkSeer, a National Security Agency project aiming to detect and mitigate web-based zero-day malware and advanced persistent threats using commercial off-the-shelf technology.
While commercial sources of threat identification are important, threat information shared by America's partners in the Five Eyes intelligence alliance (whose other members are Australia, Canada, New Zealand, and the UK) is considered just as essential. It is worth noting that the agency is behind the curve on information sharing and is challenged in ingesting reported information. This sheds light on the biggest obstacle to getting real solutions for today's cybersecurity problems: trust.
Establishing trust among intelligence community partners, so as to reach true interoperability and automation and to accurately evaluate the quality of information received, is paramount for this concept to work. Analysts do not necessarily trust the information they receive, since it is usually stripped of data to the point of becoming meaningless. As a result, it becomes increasingly challenging for analysts to reach actionable conclusions. While solutions ultimately remain unclear, the need to expand trust with commercial entities remains a paramount challenge, along with a concentrated effort at relationship building. If these two aspects are successfully mastered, two-way information flow might not be as inconceivable as it presently seems.