Analytics
6/24/2014
12:00 PM
Crowdsourcing & Cyber Security: Who Do You Trust?

A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.

As the interconnectedness of our society in cyberspace has grown exponentially, virtually every aspect of industry has become dependent on cyber networks and therefore on network security. This interconnectedness has increased the need for shared risk, and today communities of organizations must work more collaboratively. But many question whether this is really possible. I would argue that it is, and that there is progress in the crowdsourcing of cyber security.

Sharing expertise and threat intelligence within the "commons" -- resources affecting an entire community -- enhances the ability of the good guys to respond to the bad guys. Rather than operating in isolated silos, the "sharing" -- sourcing from the crowd -- enables a collective defense that, though not tipping the balance totally in favor of the good guys, certainly improves the potential for a more powerful defense.

The challenge, of course, is how to source from the crowd when trust and transparency are the watchwords of cyber security. How do you ensure the veracity of submissions ("attribution"), represented as the work of good guys and not a potential "Trojan Horse," in a world where anonymity is the norm and may in fact be a legal requirement? How do you establish an audit trail of accountability to ensure trust and transparency? How do you create an incentive system that rewards contributions from the best and brightest?

The "how" is a work in progress, but there are three active representative efforts that hold promise for harnessing the creative skills of the broader cyber community, at least to raise the barriers against cyber attacks.

Special interest collaborations
Groups of like-minded organizations and individuals are coming together for collaboration around a specific threat or within a defined community.

The Conficker Working Group was formed in late 2008 by a coalition of security researchers for the express purpose of pooling intelligence and expertise to defend against the Conficker malware. The effort was noteworthy, not only for its effectiveness, but also for the unprecedented cooperation between private and public-sector organizations and individuals from around the world.

The Financial Services Information Sharing and Analysis Center (FS-ISAC) was launched in 1999 prompted by a 1998 presidential mandate to share information about physical and cyber security threats and vulnerabilities among the public and private sectors in order to protect the US financial community and its critical infrastructure.

FS-ISAC represents a community of trust in which the organization continually collects, analyzes, vets, and disseminates relevant threat intelligence to its participating members. This was initially a US-focused effort, but in 2013 the FS-ISAC board of directors approved a charter amendment allowing for the sharing of information with financial organizations around the globe. Its recently completed Critical Infrastructure Notification System (CINS) allows the organization to deliver threat alerts to multiple recipients around the globe nearly simultaneously, while providing for user authentication and delivery confirmation.

"White hat" hired guns
For a number of years, leading technology companies such as Google, Facebook, and PayPal have managed programs where qualified white-hat hackers (and, in some cases, employees) work to detect product and network vulnerabilities in exchange for bounties. These programs have worked not only by internalizing the cat-and-mouse game of cyber attacks in a controlled environment, but also by providing a financially viable alternative to criminal activity for young engineers who are attracted to the technology challenges of hacking but might otherwise be drawn to the "dark side."

A team of former NSA researchers recently formed a Silicon Valley company called Synack. It responds to the rapidly growing community of corporations that want to find a trusted way to source the creative ability to identify and isolate vulnerabilities in their infrastructure but lack the resources and expertise to manage a highly vetted process themselves. Building on extensive career experience, the Synack team has created a network of hundreds of vetted and trusted cyber engineers who are made available to clients for vulnerability remediation on an ongoing subscription, leveraging a "pay for success" model. To ensure trust, Synack actively monitors its community of analysts. The financial services, healthcare, and e-commerce industries are among the early adopters of Synack's Crowd Security Intelligence offering.

Shared threat intelligence
A number of companies, such as AlienVault, Threat/Stream, and CloudFlare, collect threat intelligence from a spectrum of sources and package it for distribution to customers, often as part of an integrated security management platform. Through the collection, aggregation, and vetting process, these vendors look to impart trust to the intelligence they share, which would otherwise come with little transparency. Once again, the intent is to facilitate the sharing of experiences and knowledge within the user community, enabling agility and compressing time to discovery for cyber threats.

There is a great deal of interest in, and activity around, delivering on the full potential of crowdsourcing in meeting dynamic and rapidly evolving cyber security threats. At the same time, it's wise to note that our cyber adversaries have always been at the leading edge of innovative techniques for identifying, harnessing, and directing engineering creativity to achieve their nefarious objectives. In this regard, crowdsourcing may simply be another front in the cyber security wars.

Robert R. Ackerman Jr. is the founder and a Managing Director of Allegis Capital, an early-stage Silicon Valley venture capital firm that invests heavily in cyber security. Allegis cyber security portfolio companies include IronPort Systems (acquired by Cisco), Solera ...

Comments
RyanSepe
User Rank: Ninja
6/29/2014 | 5:58:02 PM
Re: From FOSS Came Crowdsourcing
I agree with you and have alluded to many of the same principles in another article posted. A higher emphasis needs to be put on penetration testing from a party that does not have malicious intent. Many of the security safeguards today are preventative or corrective, meaning that they are both, to some capacity, reactive.

As you say, we need to think like the "dark side" and try to uncover threats and new intrusion methodologies before users of malicious intent do. This is one of the only ways I can see us alleviating some of the potential dangers of zero days.
Christian Bryant
User Rank: Ninja
6/25/2014 | 1:38:34 AM
From FOSS Came Crowdsourcing
Well, maybe crowdsourcing wasn't strictly born from the Free and Open Source Software (FOSS) communities, but it's improved because of them, I believe. I also believe strongly in this model, and I would argue that all along, hackers have been doing this, albeit some on the cyber crime side of things. Often the "everyman" of the enterprise community needs to evolve to think more like the dark side. I wouldn't say that crowdsourcing is beating the enemy because it is a superior methodology to what the hacker and cracker communities (yes, and old ones, at that) are doing, but rather it is moving computer internet security forward because the enterprise is finally catching up with the enemy.

As systems, component applications, their source code and vulnerabilities become more "open" (apologies to Richard Stallman for using the "o" word), everyone is empowered through the ability to make improvements, fix vulnerabilities and share the burden across the community. One of the killers of the old guard of enterprise models was that everything was closed off, and while each IT silo was on its own, crackers and hackers the world over were sharing tech, exploits and trading anecdotes, strengthening the community and making it more deadly.

About time we got on board and evolved to their level.
Marilyn Cohodas
User Rank: Strategist
6/24/2014 | 3:57:35 PM
Good overview on pluses & minuses of crowdsourcing cyber security
Nice blog, Bob. I wonder if you'd care to expand on which "hows" you mention present the greatest challenges for crowdsourcing security. They also sound quite formidable to me!