Closing the cyber security threat intelligence gap | SC Media
Architecture, Network security

Closing the cyber security threat intelligence gap

February 19, 2014

It's no secret that one of the effects of the Edward Snowden revelations has been a slowdown in the effort to pass new cyber security legislation that facilitates information sharing between the government and the private sector. However, the need for cyber threat intelligence sharing is still vital, and with Congress sidelined, it's going to take leadership from the nation's corporate executives to make progress on this issue within the framework of our current laws.

We continue to see major cyber security incidents in the headlines each week. In order to understand how well prepared organizations are to handle these incidents, Lancope commissioned the Ponemon Institute to complete a survey of 674 IT and IT security professionals on their cyber security threat readiness. The results of our survey demonstrate that there is a significant threat intelligence gap.

Only 12 percent of survey respondents indicated that their organizations share cyber threat information with industry peers. A much larger group indicated that they had information to share – 43 percent produced unique intelligence from investigations of attacks against their organizations. Why aren't they sharing that information?

The Congressional Research Service authored a report on selected legal issues in cyber security that provided a critical examination of some of the concerns that organizations have about cyber threat intelligence sharing. The concerns include the Electronic Communications Privacy Act, antitrust law, and liability concerns that might arise if an organization received word about an attack but failed to take appropriate actions.

While federal legislation could help ally these concerns, the report by the Congressional Research Service indicated that for the most part, these legal issues should not be an impediment to sharing. For example, regarding the question of antitrust law, the report concludes that as long as “sharing of information is limited to the purpose of aiding in combating cyber security threats, it is likely that the antitrust concerns raised by any potential agreement would be limited.”

The fact is that the real impediment to cyber security information sharing isn't federal law – it's the lack of executive support. Our survey results indicate that many executives are out of the loop when it comes to cyber security issues. Only 20 percent of our respondents told us that executives in their organization are frequently briefed about cyber security threats to their organizations. A lack of awareness may be translating into a lack of support for initiatives such as information sharing.

It takes time and effort to build an effective information sharing program that is compliant with the law. If executives don't support this sort of work, it isn't going to get done. Although it might seem like sharing threat information is an effort that is only going to help your competitors, an enlightened sense of self interest needs to come into play here. American corporations want to compete with each other based on the value of the products and services they are offering. When it comes to cyber security – we should be working together.
prestitial ad