IID examines the current state of cybersecurity intelligence sharing as well as its roadblocks and how they can be overcome. This includes viewpoints from leaders in the field of cybersecurity, representing a diverse cross-section of businesses and government agencies like Microsoft, Georgetown University and the City of Seattle.
1. Sharing the Wealth, and the Burdens, of Threat Intelligence
Why security experts must unite against cyberattacks, and what’s stopping them from collaborating more effectively.
White Paper: Exec Summary
2. New era of collaboration
Cybercrime evolves quickly, strikes often
Good guys lack organized, automated and scalable ways to share intel
Major business, government and education players working to make sharing work more effectively
“Information sharing is still overly predicated on four dudes in a room…talking about what happened last month.”
City of Seattle
3. Three stages of collaboration
1. Proactive measures
− Internet hygiene recommendations
− Suspicious phishing/malware IP addresses
− Software vulnerability/patch updates
2. Incident response
− Crisis management
− Threat mitigation
3. Post-attack inquiries
− Work with authorities to investigate and prosecute
“The bulk of the investment moving forward should be in preventative.”
Microsoft
“If we invested one tenth of what we invest in cybersecurity into old fashioned police work, we’d actually have a better return on investment.”
Georgetown University
4. Obstacle #1
Manual, disparate technologies and standards
− Slow manual processes
− Nothing automated or scalable
− Need standards, procedures, data formats and reports
“The bad guys move fast…so the data needs to move extremely fast.”
Microsoft
5. Obstacle #2
Trust issues
− Who to trust?
• Competitors
• Regulators
− Need to define with whom, how, when and how much to share
“Collaboration is great, but collaboration without trust doesn’t get very far.”
IID
6. Obstacle #3
Liability of sharing
− Sharing too much or wrong information?
• Limits needed
• Fast remedial procedures
− Legal indemnification to prevent blowback from over-sharing
“There are a lot of stakes involved in balancing between maintaining the privacy of individual users and still being able to share certain information on security incidents so others can protect themselves.”
Forum for Incident Response and Security Teams
7. Obstacle #4
Lack of resources, incentive
− Overburdened, understaffed
• Sharing intel not a priority
• Often caught unaware
− Collaboration is single most effective way
• Largest companies already sharing
− CEOs recommend private/government sharing as vital to cybersecurity
“Please come up with some incentives that will especially get local governments to adopt these frameworks because otherwise they’re not going to do it and the impact is…probably loss of life.”
City of Seattle
8. Conclusion
Corporations, organizations and agencies working toward advances in cybersecurity intel sharing
Leaders setting standards and creating solutions
Can we work faster than the criminals?
A major attack could shut down the Internet, or worse
Read the white paper at http://internetidentity.com/white-papers/