Sharing within the Public Sector
In 2016, our world will be facing more security threats than ever before. There are also new opportunities for threats to emerge, with the introduction of new connected devices in the IoT sphere.
It has been noted that .gov addresses are among the websites most targeted by cyber attackers. The data on these websites is often private and classified. In more trivial circumstances, if this information were to get out, it could cause a national security crisis.
It is the nature of agencies in the public sector to hold sensitive data and personal particulars of people involved with the organisation. The United States Office of Personnel Management, an agency we could bring up time and time again, stores personal data from across government agencies on federal employees, people who applied for a position, and other such information. The recent breach of the agency demonstrates the greater risk faced by governments when their security is compromised. Almost 21.5 million personal records were taken, due to the length of the event and the reach of the attack.
Our government agencies should be keener on sharing threat information amongst each other, bearing in mind that the end goal is to provide better protection to the greater public. Through increased collaboration comes greater protection for each organisation.
As OpenGov recently reported, Mr. Chris Young, SVP and General Manager, Intel Security, placed great emphasis on collaboration within the security community while speaking at the Focus Security Conference 2015. As the threat landscape is rapidly growing, partnerships amongst the security community are becoming increasingly inevitable.
Private Partnerships to Fight Threats
Within the private sector, the Cyber Threat Alliance (CTA) is a force to be reckoned with. CTA was founded in 2014 by four cyber security vendors: Fortinet, Intel Security, Palo Alto Networks, and Symantec. Since it was established, Barracuda, ReversingLabs, Telefónica, and Zscaler have joined as contributing members. Their mission is to drive a coordinated industry effort against cyber adversaries through deep collaboration on threat intelligence and sharing indicators of compromise.
The companies that join the CTA agree to share, in real time, campaign information on the threats they have identified for each type of attack. When all of the threats are pulled together, the result is a compiled list that helps the companies target threats that have already been detected by others in the CTA.
While at the Focus15 Security Conference, Jeannette Jarvis, Director for Product Management, Intel Security Group, answered some of our questions about the challenges in forming the CTA.
As many can imagine, it was not easy to bring ‘competing’ security firms together as a united front to fight cyber threats. Mrs. Jarvis told us that each firm had to go into the alliance with trust in mind. To keep firms accountable, the CTA requires a certain amount of rich threat data to be shared daily amongst the members.
So far, the group has been sharing threat intelligence for a year and a half. In the summer, CTA was prompted to take on a ransomware campaign to prove that working together would be more efficient than working apart.
Today, the CTA released their first report on their campaign on CryptoWall Ransomware. The group profiled the latest version of CryptoWall and discovered over USD$325 million in damages worldwide. Through examining the full attack lifecycle of the CryptoWall v3 threat, they were able to conduct a thorough analysis and decipher campaign details, command-and-control infrastructure, and financial impact.
Going forward, the CTA aims to transform into a cross-sector initiative. Involving other sectors in the efforts of the CTA allows for greater knowledge of the demand for threat intelligence. Also, Mrs. Jarvis foresees that many other security vendors will come on board to join the CTA.
The CTA plans to establish measurements of success within the alliance soon. This will allow the group to evaluate the success of data being delivered by each member.
Looking beyond 2016, we will know more about the threats, and will start to question how we will be able to prevent attacks and make better predictions. It is anticipated that the biggest challenge to the community will be the volume of threats and events being faced in these environments. With collaboration, the public and private sectors are making great headway to lessen the threat of cyber terrorism globally.