Dark Reading is part of the Informa Tech Division of Informa PLC



12:45 PM

Private Sector Seeks Better Cybersecurity Collaboration

Banking, telecom, and utility execs told Congress Friday that better processes need to be put in place to share information on cyber attacks more quickly, more simply, and more thoroughly.

Private sector representatives Friday urged the government to do more to bolster cybersecurity-related information sharing and collaboration between federal agencies like the Department of Homeland Security and companies that own and operate critical infrastructure.

The federal government, mostly under the auspices of the Department of Homeland Security, has increased efforts over the last few years to protect private sector critical infrastructure from hackers. But representatives from AT&T, the North American Electric Reliability Corporation, and a consortium of financial services companies said in testimony before the House Committee on Homeland Security that it's still not enough.

"There's a strong need to develop appropriate and standardized protocols for sharing," said Jane Carlin, chair of the Financial Services Sector Coordinating Council, an association of financial companies set up in the wake of September 11 to protect the nation's financial services critical infrastructure from attack. "Although we've made good progress on information sharing entities, we have not adequately addressed issues of timeliness and completeness of information."

Carlin pointed to the aftermath of a cyber attack on a major financial exchange in October 2010 as an example of where better cooperation could have gone a long way. The exchange immediately informed its regulator and law enforcement, but information about the attack and its impact on other companies wasn't disclosed to the rest of the industry for 102 days.

"This could have had an enormous impact on employees, stockholders, large and small, and the industry as a whole," Carlin said, pointing out that those 102 days spanned the year-end period when companies prepare annual financial reports. "The lack of meaningful information for more than three months left the entire sector unnecessarily vulnerable."

That sentiment was echoed by Gerry Cauley, president and CEO of the North American Electric Reliability Corporation, which develops and oversees power system standards nationwide. Cauley complained that a lack of real-time, actionable intelligence sharing on attacks leaves the power industry "at best" a step behind the government in preventing attacks.

Ed Amoroso, senior VP and chief security officer for AT&T, voiced similar concerns, not just in terms of receiving information from DHS, but also in sending information to DHS. "If you think about the question of coordination, it's the case right now that there's no good way to share information in real time," he said, adding that whenever he wants to share information with the government, it seems like a room full of AT&T lawyers caution him not to. "At AT&T we find it frustrating because we have information we'd like to share."

While shortfalls may remain, DHS has been working increasingly closely with the private sector on critical infrastructure protection issues. Representatives from the IT and financial sectors, for example, work daily on the floor of DHS's National Cybersecurity and Communications Integration Center, which gathers, analyzes, and shares information on cyber attacks with government and industry and coordinates responses. DHS also is finalizing a similar relationship with the electric sector.

In written testimony provided for the hearing, Sean McGurk, the center's director, offered an example of how current modes of collaboration can be effective. Early last year, a company he didn't name was infected with the Mariposa botnet and worked closely with DHS to analyze the attack, trace it back to its point of entry to the company's network, contain the attack, and remove the malware.

The hearing came just as the White House prepares legislation that could have far-reaching effects on the Department of Homeland Security's cybersecurity relationships with private sector critical infrastructure.

According to Federal News Radio, the 100-page bill, which is currently circulating among federal agencies, would, in addition to addressing other broader cyber-related issues, authorize the secretary of DHS to decide what constitutes critical infrastructure and assess and audit critical infrastructure systems. Critical infrastructure owners and operators, in turn, would be required to attest to the implementation of cybersecurity measures.
