Thursday 21 May 2015

Private sector not sharing as much cybersecurity info as feds want, experts say

The federal government wants a better line of sight into cyber incidents and breaches within the commercial sector, but many American companies shy away from formally sharing such information with agencies, a panel of federal experts said at a May 20 forum in Washington, D.C.

Convincing the private sector to share more information about cybersecurity incidents with the federal government will take trust building and a cooperative effort across all relevant agencies, the panel said at the ATARC Federal Cybersecurity Integration Summit.

Though not as simplistic as picking up the telephone and calling each other, private organizations still mostly share information through “informal channels” that take place at an essentially personal level, said Tony Summerlin, a senior strategic advisor for the Federal Communications Commission.

While that laissez-faire strategy worked in the past against a single individual or group of hackers, the private sector is now dealing with sophisticated global criminal organizations and geopolitical rivals like China, Russia, Iran and, most notoriously, North Korea, that look to steal credit card data, intellectual property or state secrets.

For companies to have a chance against the strength of such international cyber marauders, experts said the federal government must create a trusted platform where the private sector can safely and securely share data with agencies.

While there are several so-called information sharing and analysis centers and other federal and private mechanisms designed to foster greater sharing, many companies still feel insecure about providing information because they’re afraid of revealing customer data or being sued by others. Still, the White House, Senate and House of Representatives all agree that something must be done.

Summerlin suggested creating a model with “tentacles” stretching across different industries that could then pull information into a central hub. By creating those lines of communication, companies can then make greater use of federal resources while addressing a full-on attack.

Anonymity is another hurdle for improving sharing efforts by the private sector, according to Brad Nix, deputy director for the U.S. Computer Emergency Readiness Team, which is housed within the Homeland Security Department. At the forefront of every decision for large companies is how an incident will affect the bottom line, he added.

“It will impact whether or not customers come to you and use you,” he said. “It will impact whether or not shareholders actually want to invest money in you. So we have to respect that. We have to make sure that the programs that we set up protect the anonymity.”

And this issue goes beyond the private sector, said Pamela Wise-Martinez, senior strategic enterprise architect for the federal Information Sharing Environment program, which seeks to improve data exchange to further national security. The federal government also requires its own effective and unified structure to ensure that critical infrastructure such as dams, power supplies and metro rails stay safe from cyber threats and can be tended to at the local level if need be.

“When an incident occurs in the cyber realm … that people may not see as a cyber incident because the impact is so devastating [such as] perhaps a metro incident or a water treatment incident. Take your pick,” Wise-Martinez said. “There are a number of incidents that might impact you in the public realm, and you think it’s a public safety issue. But really it may have started off as a cyber incident.”

View the original content and more from this author here: http://ift.tt/1IRM6H2


