Private sector needs a little sumthin' sumthin' to get it sharing threat intel – US security chap
Sharing's caring, intone government bods
Israel Cyber Week Bigwigs mulled giving the UK's National Cyber Security Centre, the information assurance division of GCHQ, a regulatory function or even letting it charge for its services - before settling on its current role of encouraging better cybersecurity.
That's what chief exec Ciaran Martin told Israel Cyber Week during a panel on international cooperation alongside his counterparts in the US and Singapore and industry execs on Tuesday. Much of the discussion focused on intelligence sharing between the private sector and government.
Christopher Krebs, newly appointed Undersecretary at the National Protection & Programs Directorate in America's Department of Homeland Security, said that even though the technical people and board members might want to share threat intelligence with the government, corporate lawyers (general counsels) were a consistent roadblock.
Hot new application for blockchain: How does botnet control sound?READ MORE
Krebs stressed that the US government wanted to operate a voluntary model for information sharing. He suggested that the incentive of getting access to higher level analysis from government in return for information sharing might not be enough and thought should be given to allow "deference in regulatory action" to companies that suffered a breach despite being involved in information-sharing programmes.
He went on to suggest that a government/industry defence model – comparable to NATO's Article 5 mutual self-defence provision (an attack against one ally is considered as an attack against all allies) – was desirable.
Representatives from Microsoft, Symantec and McAfee on the Strategic Cyber Alliances panel said that sharing has to be built on trust between the private sector and government. Communication – at least between security software vendors and the US government – has improved since the WannaCry outbreak last year.
Martin said the role of government was to get involved in things that the private sector wasn't doing, such as combating email spoofing on a large scale or safeguarding the threat to internet hygiene by, for example, the Mirai IoT botnet. Mirai was used to take out a small but important DNS service in October 2016 leaving large swathes of the internet inaccessible as a result.
David Koh, chief executive of Singapore's Cyber Security Agency (CSA), commented that there are security issues with the internet that don't get resolved because of a lack of any financial incentive. "You can't leave everything to the market," Koh said, arguing that a basic level of hygiene needs to be assured.
Asked whether the US partnering with Russia and China was possible, Krebs suggested that collaboration on issues such as child exploitation and drug distribution was possible and offered some basis for inter-government trust.
He added the caveat that such work would likely be limited because "you bump up against what's considered acceptable government practice" – referencing the theft of intellectual property by China and political interference by Russia. ®
Sponsored: Becoming a Pragmatic Security Leader