We live in a time when the global sharing of threat intelligence is not only possible; it’s vital to the security of our global infrastructure, and the public and private sectors have been working tirelessly to create these programs.
So far, the biggest challenges have revolved around technology, laws, and cost — but still, over the past year, there has been a major push toward making this process more approachable and globally impactful.
Many organizations, such as IBM, Soltra, Lockheed Martin, Splunk, and Blue Coat, are spearheading these efforts.
Thanks to the Cybersecurity Information Sharing Act of 2015 (CISA), enterprises now have the ability to share threat data with the Department of Homeland Security in a legal framework that protects Good Samaritans.
To address the high-level technological needs of this endeavor, the DHS recently partnered with OASIS to revamp and standardize STIX and TAXII, lower their cost, and expand their reach. These data-sharing frameworks now allow both humans and machines to exchange threat intelligence across borders in an automated fashion.
The U.S. government is also calling for more Information Sharing and Analysis Organizations (ISAOs) to be developed — diverse communities of private-sector companies that collaborate to share intelligence and help thwart cyber attacks.
The momentum is building toward a global threat sharing program. More and more businesses and governments across the globe are seeing the value of this collaborative approach, and it’s only a matter of time before this is something the whole industrial world uses.
Why We Need a Global Threat Sharing Program
With the rapid advance of the industrial internet — or “Industry 4.0” — innovation and connectivity are sweeping through the world like a freight train. Industries across all categories are pushing to connect every object they can, collect as much data as possible, and thus boost their operational intelligence.
This is a trend that shows no signs of slowing down. So, instead of putting our heads in the sand for fear of change, we need to devote our brainpower toward creating methods that build and sustain this new world as safely as possible.
A global threat sharing program will do exactly that.
Cyber attacks pose true physical threats to society; we’re not just talking about individuals’ credit cards getting hacked. We’re talking more along the lines of power grids getting shut down, financial institutions being robbed of millions of dollars, and factories or even smart vehicles being commandeered from remote locations.
Being proactive about threats like these has always been a top priority, but up until now, it’s been a rather cumbersome process.
Efficiently extracting intelligence from traditional threat analysis reports — typically gigantic PDF files that utilize confusing codes and notations — has been a nearly impossible undertaking for any human or machine. As a result, it takes the average company approximately 146 days to discover that its data has been compromised. And by then, the hacker has likely already done further damage to other entities.
“It has only been six months since CISA was signed into law, and while there has been a rapid fire of activity in that time, more work certainly remains to be done,” Mark Clancy, CEO of Soltra, said when addressing the United States House of Representatives Committee on Homeland Security on June 15, 2016.
Some of the ‘more work’ he’s referring to involves boosting the overall accessibility of threat sharing platforms. Widespread involvement across all industries and sectors is pivotal to the program’s success.
“Historically, sectors only shared information within that sector,” Clancy said in that same address. “While important and effective to do, it also stovepipes the fact that the attackers are using the same tactics, techniques and procedures against [other] sectors.”
Emerging cross-sector platforms and solutions, such as Clancy’s own Soltra Edge, don’t just automate the threat discovery process; they’re offered free of charge, and they’re simple to incorporate into an existing IT infrastructure.
“The Soltra Edge platform sends, receives, and stores messages of cyber threat intelligence in a standardized way,” he said. “It hides the complexity of the underlying technical specification so that end users can set up and start receiving threat information in under 15 minutes in most cases, changing the paradigm where it could take months or millions of dollars to change internal systems if companies wanted to do it on their own.”
Thanks to software products that streamline the sharing process and reduce the financial and time burdens that typically accompany it, we’re well on our way to a multi-sectoral global threat sharing program that sparks unprecedented levels of proactivity in security.
The Perks of a Global Sharing Program
Once a global sharing program hits its stride, companies can rest assured that hackers will face more resistance than ever. For example, if Nike experiences an attempted breach, it can use STIX and TAXII to immediately report all the relevant details to the rest of the sharing ecosystem, and businesses across the globe will instantaneously have the ability to strengthen their defenses. If these same hackers try again at another location later on, they’ll have no such luck.
Further, a global sharing program provides obvious safety benefits to the world as a whole. Aside from the lives that could be saved directly by limiting physical mayhem, there are also indirect safety implications of global magnitude.
The industrial internet has the potential to create better, stronger, more innovative companies across all industries — which would undeniably improve the world as a whole. But Industry 4.0 will only reach this lofty potential if businesses feel confident that their data is secure — and a crucial part of making that happen is encouraging widespread participation in a global threat sharing program.
Get involved today by joining an ISAO working group and keeping up with the latest developments in this crucial endeavor.