Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

3/11/2019
05:00 PM
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail
50%
50%

NSA, DHS Call for Info Sharing Across Public and Private Sectors

Industry leaders debate how government and businesses can work together on key cybersecurity issues.

If money were no object, and you didn't have to worry about bureaucracy or politics, what would you have your organization do to make a difference in the public-private sector discourse on cybersecurity? How would you improve tactics and techniques?

"The thing I'd love to be able to do is share in real time," said Neal Ziring, technical director for the National Security Agency's Capabilities Directorate. The question was posed to him, and two other panelists from the public and private sectors, in the RSA Conference panel "Behind the Headlines: A Public-Private Discourse on Cyber-Defense," last week in San Francisco.

Ziring explained how if policy were not an issue, he would want to take NSA's foreign intelligence and turn it into actionable warnings in real time. "That's not easy. We're trying to work in that direction," he said, adding that there are "considerable policy obstacles to that right now."

Defenders are overwhelmed with an onslaught of threat data, user error, poor endpoint protection tools, and myriad other factors making their jobs harder. This discussion brought together security experts to put the spotlight on which threats should be prioritized and how the government and private sector can better improve their relationships to address them.

John Felker, director of the DHS's National Cybersecurity & Communication Integration Center (NCCIC), outlined the security threats that are top-of-mind for government. China, he said, is a big one: It continues to engage in cyber espionage despite a 2015 agreement to stop. Industrial theft is a primary concern as China's long-term strategy is to improve its economy, he said.

"We've seen lots and lots of threats from Iran," Felker continued. Iran is now heavily focusing on oil and gas, primarily in the Middle East. "We believe they're posturing for future activity."

Next up: Russia. "Part of the Russia threat relates to keeping their economy strong and the things they want to participate in to allow their form of government to continue," he explained. There is "significant potential for mischief" as there remains a possibility Russia will segregate itself from the Internet as a threat. Finally, Felker pointed to North Korea, which is primarily financially motivated and needs funds to develop domestic IT infrastructure and industry.

A Call for Info Sharing
Information sharing was a key theme of the talk, and all panelists emphasized a greater need for the public and private sectors to share threat intelligence. "It doesn't do us any good to exchange business cards in the middle of a cyber incident," Felker said. He encourages organizations to reach out if they're hit. "Make sure someone knows it's OK to do that," he added.

While the NSA doesn't have the public facing role the DHS does, Ziring noted the organization does interact with the public and business communities. His advice: "If we go to the trouble to publish advice, take it," he said. "We don't publish all that frequently, and when we do there are really good reasons behind it."

He also advised businesses to collaborate with the NSA on a technical level. "The goal we're trying to achieve is shared visibility into the cyberspace where we all have to operate," Ziring continued. Threat actors have visibility over all of us; it would help businesses to do the same.

Security teams need to establish trust before an attack takes place. Part of building relationships involves conducting internal and external exercises across the organization so senior leadership knows what's happening and what to do. If you implement a security framework, blog about it, said Curtis Dukes, executive vice president and general manager for the Security Best Practices and Automation Group at the Center for Internet Security.

"You are a target – it's not if but when you're attacked," Dukes explained. "Communicate 'here's what happened and why.' That way, we all learn from your misfortune, but more importantly we can protect ourselves."

Modern C-suites are more aware of cybersecurity and the effect it can have on a business, he added. Major incidents have taught them how poor security can affect a bottom line, and now they're asking for board members who have cybersecurity expertise.

However, "where we're falling short is we still haven't done an adequate job of translating cyber-risk to business risk," he added. Businesses will place high value on certain business processes but fail to recognize the impact of losing that process in a cyberattack.

Related Content:

 

 

Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industry's most knowledgeable IT security experts. Check out the Interop agenda here.

Kelly Sheridan is the Staff Editor at Dark Reading, where she focuses on cybersecurity news and analysis. She is a business technology journalist who previously reported for InformationWeek, where she covered Microsoft, and Insurance & Technology, where she covered financial ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
The Security of Cloud Applications
Hillel Solow, CTO and Co-founder, Protego,  7/11/2019
US Mayors Commit to Just Saying No to Ransomware
Robert Lemos, Contributing Writer,  7/16/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: "SpearPhish! Everyone out of the office!"
Current Issue
Building and Managing an IT Security Operations Program
As cyber threats grow, many organizations are building security operations centers (SOCs) to improve their defenses. In this Tech Digest you will learn tips on how to get the most out of a SOC in your organization - and what to do if you can't afford to build one.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-13584
PUBLISHED: 2019-07-17
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 allows Directory Traversal via a forged HTTP request.
CVE-2019-13585
PUBLISHED: 2019-07-17
The remote admin webserver on FANUC Robotics Virtual Robot Controller 8.23 has a Buffer Overflow via a forged HTTP request.
CVE-2019-13631
PUBLISHED: 2019-07-17
In parse_hid_report_descriptor in drivers/input/tablet/gtco.c in the Linux kernel through 5.2.1, a malicious USB device can send an HID report that triggers an out-of-bounds write during generation of debugging messages.
CVE-2019-13614
PUBLISHED: 2019-07-17
CMD_SET_CONFIG_COUNTRY in the TP-Link Device Debug protocol in TP-Link Archer C1200 1.0.0 Build 20180502 rel.45702 and earlier is prone to a stack-based buffer overflow, which allows a remote attacker to achieve code execution or denial of service by sending a crafted payload to the listening server...
CVE-2019-10100
PUBLISHED: 2019-07-17
tinymce 4.7.11, 4.7.12 is affected by: CWE-79: Improper Neutralization of Input During Web Page Generation. The impact is: JavaScript code execution. The component is: Media element. The attack vector is: The victim must paste malicious content to media element's embed tab.