One of the reasons why the US government is keen to pass cyber security information sharing legislation (forget the fact that its actually a surveillance bill) is that it recognizes how useful it to learn lessons others have had to endure. This is the standard US government modus operandi for everything it does. So it should come as no surprise to see many industry cyber security professionals proclaim the usefulness of crowdsourcing cyber security (emphasis added):
Consumer healthcare products provider Johnson & Johnson is also a big believer in security crowdsourcing. “Our company gathers intelligence feeds from various sources, internal and external,” says Mary Chaney, director of worldwide information security at Johnson & Johnson.
That includes its relationship with the Healthcare and Public Health Information Sharing and Analysis Center (NH-ISAC), which works to improve the resilience of the nation’s critical infrastructure against physical and cyber security threats.
Led by the healthcare industry, NH-ISAC is recognized by such entities as the U.S. Department of Health and Human Services, Health Sector-Coordinating Council, U.S. Department of Homeland Security, National Institute of Standards & Technology, as well as law enforcement agencies.
“Internally, we seek to engage physical, social media relations and other groups that are ‘listening’ for different types of information about the company but could offer insight on things that have a cybersecurity impact,” Chaney says.
The company has an Intelligence and Trending group within its Security Operations Center, whose sole responsibility is to gather intelligence sources and determine how incoming data might apply to Johnson & Johnson’s environment.