Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Threat Intelligence

4/11/2018
02:00 PM
Paul Kurtz
Paul Kurtz
Commentary
Connect Directly
LinkedIn
RSS
E-Mail vvv
100%
0%

Stopping Cyber Madness: Why the Private Sector Must Lead the Fight

The government's ability to help secure the Internet will be limited given the light speed of the Internet versus the slower pace of government. That's why stopping the madness begins with the private sector.

As long as adversaries can spend $1 on a campaign and force us to spend $10 to protect ourselves, enterprises will lose the war on cybercrime. In the Cold War, the US bled the Soviets dry through a military buildup and Reagan's Star Wars initiative. The Russians and others are now using a similar strategy to financially drain the US public and private sectors in cyberspace.

As the news cycle is inundated with alerts about attacks against our critical infrastructure, cities, and universities, the US Cyber Command has responded with a new "Command Vision." The document provides a sobering read. My attention was drawn to one quote in particular:

Adversaries continuously operate against us below the threshold of armed conflict. In this "new normal," our adversaries are extending their influence without resorting to physical aggression. They provoke and intimidate our citizens and enterprises without fear of legal or military consequences.

While Command Vision sets objectives for the military to regain ground, it is clear that the private sector is also in the crosshairs. State-sponsored and criminal organizations have realized there is little chance of real legal or financial consequences for the foreseeable future. Russia, Iran, and North Korea have found our Achilles' heel. Even worse, they've identified our cyber infrastructure as a vulnerability that is cheap to exploit and makes billions.

But what is the Achilles' heel of cybercriminals? It's that they're lazy. They use advanced persistent infrastructure and tend to reuse tactics, techniques, and procedures over and over again.

Rather than building taller silos of data that become even bigger targets for criminals, US public and private sectors must similarly seek to expand their reach with limited resources. By unifying around common means of intelligence exchange and collaboration, US companies can increase their visibility into events in real-time while keeping costs low. Without effective methods to exchange cyber intelligence, enterprises play victim to attackers' strengths, continuing to build and protect larger data troves with common, single points of failure. As Command Vision states, "We should not wait until an adversary is in our networks or on our systems to act with unified responses across agencies regardless of sector or geography." The same applies to the private sector.

Since 1998, when President Bill Clinton signed Presidential Decision Directive 63, we have been on a quest to fuse data and collaborate. In 2015, Congress enabled organizations to work with each other more easily through the passage of the Cybersecurity Act. In May 2017, President Donald Trump called out the importance of information sharing in his Executive Order on Strengthening the Cyber Security of the Federal Government and Critical Infrastructure. Only now, with the growing frequency and severity of attacks, is the government and the private sector beginning to understand the requirement of collaboration. The Department of Homeland Security has begun to make more detailed information available to the private sector through their Critical Information Sharing Collaboration Program (CISCP), and TruSTAR has seen our customers eagerly participate in these efforts. This is a start, but far more work is necessary.

Enterprises and sharing organizations like the Columbus Collaboratory, the Cloud Security Alliance, and CyberUSA are starting to connect through common collaboration platforms to enable parties to exchange data about suspicious events while retaining control over their data. Sector-based organizations are adopting such technology as well, including the IT and retail sectors. These platforms go beyond threat intelligence and fuse disparate data sets related to fraud and physical security events. Shared technology infrastructure enables companies to work from the inside out, streamlining workflows and creating collaborative bonds within an organization first and moving on to supply chain partners, peers, and entire sectors such as IT and retail.

What's Next?
Joshua Cooper Ramo, in his book The Seventh Sense, notes that government's ability to help secure the Internet will be limited given the light speed of the Internet versus the pace of government's ability to act. Stopping the madness begins with the private sector today.

Interop ITX 2018

Paul Kurtz will be headlining Dark Reading's Cybersecurity Crash Course, May 1, at Interop ITX. Check out the agenda here.

Related Content:

 

Paul Kurtz is the CEO and cofounder of TruSTAR Technology. Prior to TruSTAR, Paul was the CISO and chief strategy officer for CyberPoint International LLC where he built the US government and international business verticals. Prior to CyberPoint, Paul was the managing partner ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
Microsoft Patches Wormable RCE Vulns in Remote Desktop Services
Kelly Sheridan, Staff Editor, Dark Reading,  8/13/2019
The Mainframe Is Seeing a Resurgence. Is Security Keeping Pace?
Ray Overby, Co-Founder & President at Key Resources, Inc.,  8/15/2019
GitHub Named in Capital One Breach Lawsuit
Dark Reading Staff 8/14/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-15113
PUBLISHED: 2019-08-16
The companion-sitemap-generator plugin before 3.7.0 for WordPress has CSRF.
CVE-2019-15114
PUBLISHED: 2019-08-16
The formcraft-form-builder plugin before 1.2.2 for WordPress has CSRF.
CVE-2019-15115
PUBLISHED: 2019-08-16
The peters-login-redirect plugin before 2.9.2 for WordPress has CSRF.
CVE-2019-15116
PUBLISHED: 2019-08-16
The easy-digital-downloads plugin before 2.9.16 for WordPress has XSS related to IP address logging.
CVE-2017-18547
PUBLISHED: 2019-08-16
The nelio-ab-testing plugin before 4.6.4 for WordPress has CSRF in experiment forms.