
What the Debates on Information Sharing Seem to be Missing

If Threat Information is Available But not Fully and Effectively Utilized, Then Knowledge is Not Power

The term “information sharing” has been all over the news ever since the President’s executive order on cybersecurity — even more so now that the Cyber Intelligence Sharing and Protection Act (CISPA) passed in the House with a tally of 248-168, and there are budget dollars on the table. To those in the business of protecting critical infrastructures from cyber attack, it’s been a topic that has been visited, re-visited, and beaten nearly to death over the past decade. The goal is commendable and sincere: if we share information about cyber threats—which are growing in numbers and evolving in sophistication at frightening rates—then we will all be better informed and, ergo, better able to protect ourselves. Scientia potestas est. Knowledge is power.

Putting the debates of feasibility, responsibility and liability aside, there is an amazing wealth of relevant information to be shared. There are a number of experts and organizations, both public and private, that perform exhaustive vulnerability research to understand what new threats look like, where they’re coming from, and how to protect against them. The relevance and value of using this wealth of information to improve security is irrefutable. Before you can use knowledge, you must acquire it, and that means sharing information.

However, even if we do achieve the “near real-time sharing of cyber-threat information to assist participating critical infrastructure companies,” and even if this information is shared between federal agencies (which presumably have lots of knowledge to convert into power) and private industry, there’s still a fatal flaw.

If the information is available but not fully and effectively utilized, then knowledge is not power—it is simply knowledge. Books in a library, unread. A lecture, unattended.

It’s perfectly possible to utilize knowledge fully and effectively, but there’s still a strong reluctance to do so within industry because it requires capital and operational expense. There are many commercial tools available to squeeze the full defensive potential out of this information, but are these tools deployed? Even counted together, as a whole, the entire advanced threat protection market is far from ubiquitous.

Policy and practices, recommendations and risk assessments are all good, but you can’t defend against a cyber threat without a cyber defense. Technology is necessary to fight technology. And you can’t fight tomorrow’s threats with yesterday’s security technology. In the US, there are now budget dollars on the table, but will they be used wisely? Will they help realize the potential of the global cyber security industries’ collective knowledge? Information feeds aren’t enough, because sharing what already happened can’t protect us from what has yet to come. Technology needs to advance, to use the information that we have in new, predictive and powerful ways.

Otherwise, the threat will always remain ahead of the mitigation. Information sharing is by definition reactive. One group will share with another group some details of some incident that has occurred in some place. Some vulnerability that has been exploited will be disclosed after the threat has been realized so that other potential targets can help to better defend against a similar attack. It might protect against the repetition of attacks across an industry, but the initial damage is done. As malware gets more complex, the initial attack is less likely to resemble subsequent attacks, further devaluing any mitigation against the initial vector.

Knowledge is power, but only when fully realized and effectively utilized. Unless the world’s critical industries change their fundamental attitudes towards implementing security, and move beyond baseline recommendations to implement cutting edge defenses, our efforts will fail. Our books will grow dusty. Our lecture hall will echo.

Related Reading: Threat Information Sharing – Fighting Fire with Fire

Related Reading: Combating Emerging Threats Through Security Collaboration
