Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


12:45 PM
Connect Directly

Private Sector Seeks Better Cybersecurity Collaboration

Banking, telecom, and utility execs told Congress Friday that better processes need to be put in place to share information on cyber attacks more quickly, more simply, and more thoroughly.

Inside DHS' Classified Cyber-Coordination Headquarters
(click image for larger view)
Slideshow: Inside DHS' Classified Cyber-Coordination Headquarters
Private sector representatives Friday urged the government to do more to bolster cybersecurity-related information sharing and collaboration between federal agencies like the Department of Homeland Security and companies that own and operate critical infrastructure.

The federal government, mostly under the auspices of the Department of Homeland Security, over the last few years has increased efforts to protect private sector critical infrastructure from hackers. But representatives from AT&T, the North American Electric Reliability Corporation, and a consortium of financial services companies said in testimony before the House committee on homeland security that it's still not enough.

"There's a strong need to develop appropriate and standardized protocols for sharing," said Jane Carlin, chair of the Financial Services Sector Coordinating Council, an association of financial companies set up in the wake of September 11 to protect the nation's financial services critical infrastructure from attack. "Although we've made good progress on information sharing entities, we have not adequately addressed issues of timeliness and completeness of information."

Carlin pointed to the aftermath of a cyber attack on a major financial exchange in October 2010 as an example of where better cooperation could have gone a long way. The exchange immediately informed its regulator and law enforcement, but information about the attack and its impact on other companies wasn't disclosed to the rest of the industry for 102 days.

"This could have had an enormous impact on employees, stockholders, large and small, and the industry as a whole," Carlin said, pointing out that those 102 days spanned the year-end period when companies prepare annual financial reports. "The lack of meaningful information for more than three months left the entire sector unnecessarily vulnerable."

That sentiment was echoed by Gerry Cauley, president and CEO of the North American Electric Reliability Corporation, which develops and oversees power system standards nationwide. Cauley complained that a lack of real-time, actionable intelligence sharing on attacks leaves the power industry "at best" a step behind the government in preventing attacks.

Ed Amoroso, senior VP and chief security officer for AT&T, voiced similar concerns, not just in terms of receiving information from DHS, but also in sending information to DHS. "If you think about the question of coordination, it's the case right now that there's no good way to share information in real time," he said, adding that whenever he wants to share information with the government, it seems like a room full of AT&T lawyers caution him not to. "At AT&T we find it frustrating because we have information we'd like to share."

While shortfalls may remain, DHS has been increasingly working closely with the private sector on critical infrastructure protection issues. Representatives from the IT and financial sectors, for example, work daily on the floor of DHS's National Cybersecurity and Communications Integration Center, which gathers, analyzes, and shares information on cyber attacks with government and industry and coordinates responses. DHS also is finalizing a similar relationship with the electric sector.

In written testimony provided for the hearing, Sean McGurk, the center's director, offered an example of how current modes of collaboration can be effective. Early last year, a company he didn't name was infected with the Mariposa botnet and worked closely with DHS to analyze the attack, trace it back to its point of entry to the company's network, contain the attack, and remove the malware.

The hearing came just as the White House prepares legislation that could have far-reaching effects on the Department of Homeland Security's cybersecurity relationships with private sector critical infrastructure.

According to Federal News Radio, the 100-page bill, which is currently circulating among federal agencies, would, in addition to addressing other broader cyber-related issues, authorize the secretary of DHS to decide what constitutes critical infrastructure and assess and audit critical infrastructure systems. Critical infrastructure owners and operators, in turn, would be required to attest to the implementation of cybersecurity measures.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
Aviation Faces Increasing Cybersecurity Scrutiny
Kelly Jackson Higgins, Executive Editor at Dark Reading,  8/22/2019
Microsoft Tops Phishers' Favorite Brands as Facebook Spikes
Kelly Sheridan, Staff Editor, Dark Reading,  8/22/2019
Capital One Breach: What Security Teams Can Do Now
Dr. Richard Gold, Head of Security Engineering at Digital Shadows,  8/23/2019
Register for Dark Reading Newsletters
White Papers
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-08-25
filters/filter-cso/filter-stream.c in the CSO filter in libMirage 3.2.2 in CDemu does not validate the part size, triggering a heap-based buffer overflow that can lead to root access by a local Linux user.
PUBLISHED: 2019-08-25
An issue was discovered in xfs_setattr_nonsize in fs/xfs/xfs_iops.c in the Linux kernel through 5.2.9. XFS partially wedges when a chgrp fails on account of being out of disk quota. xfs_setattr_nonsize is failing to unlock the ILOCK after the xfs_qm_vop_chown_reserve call fails. This is primarily a ...
PUBLISHED: 2019-08-23
The authentication applet in Watchguard Fireware 11.11 Operating System has reflected XSS (this can also cause an open redirect).
PUBLISHED: 2019-08-23
An Improper Neutralization of Input During Web Page Generation ("Cross-site Scripting") in Fortinet FortiNAC 8.3.0 to 8.3.6 and 8.5.0 admin webUI may allow an unauthenticated attacker to perform a reflected XSS attack via the search field in the webUI.
PUBLISHED: 2019-08-23
Lack of root file system integrity checking in Fortinet FortiManager VM application images of all versions below 6.2.1 may allow an attacker to implant third-party programs by recreating the image through specific methods.