Former cyber czar takes helm of security info sharing alliance
As the U.S. government continues to wrestle with policies and programs to share intelligence about cybersecurity threats with the private sector, a small non-profit is trying to change paradigms around information sharing.
EDITOR's NOTE: This article was first published on FCW.com.
Founded in 2014 as a consortium of cybersecurity firms seeking to improve threat-information sharing and incident response, the Cyber Threat Alliance is now a formal non-profit with former White House cyber czar Michael Daniel as its president.
After two weeks at the helm of CTA, Daniel told FCW that he believes the growing member association can drive a number of changes in the cybersecurity ecosystem.
CTA members, which include founding firms Fortinet, Intel, Palo Alto Networks and Symantec, submit threat information into a proprietary platform that allows them to extract shared data in proportion to the quantity and quality of data they provide.
"If you're a member, your defensive products can now be based on a broader set of information than just your own," Daniel said. "That's a significant improvement just right there. And that happens at scale, at speed."
That means member cybersecurity firms will differentiate themselves less on what intelligence they have than on what they do with it in the products and services they provide. Daniel said he expects CTA to spur innovation and competition in that regard.
But, CTA isn't just about sharing threat indicators among members, it also seeks to take a bite out of cybercrime.
"We can take this data and we can use it to begin to assemble a much broader look at what adversaries are doing and actually assemble up what we are calling 'playbooks,'" he said. "It's really the description how the adversary in a particular instance does their entire business operation -- so not only in the malware that they are using, and not only the IP addresses, but their command and control infrastructure.
"If we could publish that and then have the cybersecurity vendors and governments and others begin to take action based on that, then we can actually disrupt the adversary's business model," he said.
The biggest medium- to long-term challenge Daniel sees is coordinating with governments around the world. The U.S. government and private sector have yet to see eye to eye on the protections, incentives and context needed to have effective information sharing that benefits both sectors.
Daniel said that some foreign governments that have limited cyber capabilities might be more inclined to partner with CTA in the near term.
"I think that's going to be a work in progress for some time," he said of integrating with the U.S. government.