NextGov on a Department of Homeland Security Executive pushing for an official information sharing framework, stating cyber threats will keep coming if public and private sectors do not collaborate:
“Unfortunately, the slope of the [bad guys’] curve is greater than the slope of the good guys,” he said. “How we do business today is not working. The problem was bad in , and it’s gotten worse in 2013. And I would suspect the trend is not getting better.”
DHS works with the National Security Agency, the FBI, and other organizations on cybersecurity, focusing primarily on protecting dot-gov systems, Fonash said. Their programs include the intrusion prevention system Einstein, whose sensors are meant to monitor Internet traffic, and “Enhanced Cybersecurity Services,” which aims to help businesses strengthen their cybersecurity protection.
During his remarks, Fonash said securing the cyber ecosystem against national threats requires a partnership between the government and industry players.
“We need to be able to share information much more rapidly than we currently do,” he said.
One way to do so, he said, is through an automated system. But first, industry and government must agree on a set of standards for sharing cyber threat information, Fonash stressed. Currently, as CERT receives information, “we have to translate it from one format to another format,” he said.
I have no doubt that a strong public-private partnership for information sharing between industry and the US government is a good thing. However, to claim the lack of such collaboration is what will keep the threats coming is just plain hogwash.
Even if a deal were to be struck tomorrow, and information sharing commenced the following day, cyber attacks are going to continue. The mere existence of collaboration is not what will prevent cyber attacks. Nothing is going to stop cyber attacks from happening, just like nothing stops terrorists from terrorizing citizens all over the globe.
What this will do is increase cyber defenses for industry and the government. Each side will learn from the other: learn of the types of attacks being visualized, the techniques being used by those attackers, the various data associated with cyber attacks (ie. IP addresses, domain names, ports, tradecraft, etc), as well as any potential defense techniques preventing the attack from being successful.
This dialog, if you will, then creates a situation where industry and the government are collaborating on better tactics, techniques, and procedures for preventing similar attacks in the future. The goal should be to share those techniques with all partners, hopefully something happening frequently and in an automated fashion.