Cyberthreat analysis - to share or not to share?
Friday, January 29, 2016 12:09:45 AM
Last year there was a lot of hype around the term “cybersecurity intelligence” from information security service providers and consultants. Behind this buzz were substantive government actions that were intended to increase the sharing of intelligence on cyberthreats between the private industry and federal agencies.
President Barack Obama issued an executive order directing the Department of Homeland Security to support the development of Information Sharing and Analysis Organizations, organized forums for increased sharing.
In addition, the controversial Cybersecurity Information Sharing Act of 2015, which included provisions encouraging federal agencies to share intelligence with private industry, was passed.
What is the “cybersecurity intelligence” that organizations are encouraged to share?
I define cybersecurity intelligence as confidential analysis of cyberthreats that influences the information security policies of your organization and affects the actions and effectiveness of hackers attacking your organization.
The key phrase “confidential analysis of cyberthreats” implies that the intelligence has specific value to your organization.
For example, the analysis might identify weaknesses in your security or the exact location of critical data in your network.
True cybersecurity intelligence should not be publicly disclosed because it will have a direct effect on your organization’s security interests if it is ignored or misused.
The idea behind these intelligence-sharing initiatives is the belief that by sharing this sensitive information with others in a controlled environment, we as a community would be able to develop and implement more effective defenses against hackers. Others argue that these sharing initiatives will unnecessarily disclose personal, sensitive information to the government.
Regardless of your point of view on the government sharing initiatives, the value of an organization’s cybersecurity intelligence is widely recognized.
I believe that organizations should regularly produce cybersecurity intelligence by continuously analyzing their network, systems, policies, the behavior of their personnel and trends among hackers.
The result will be valuable information about the weaknesses in your organization’s cybersecurity, how hackers are likely to attack those weaknesses and how you can better protect yourself and your organization.
, director of information security at Hawaiian Telcom, holds current Global Information Assurance Certification (GIAC) and is a Systems and Network Auditor (GSNA), a Certified Intrusion Analyst (GCIA) and Certified Forensic Analyst (GCFA). Reach him at firstname.lastname@example.org