3/16/2011
04:40 PM

Why Cybersecurity Partnerships Matter

The public and private sectors must collaborate in new ways to ward off dangerous threats to critical systems and IT infrastructure.

For years, the federal government has launched one policy initiative after another to protect critical IT infrastructure in coordination with the private sector. There's been progress, but the threats--computer breaches from foreign parties, fast-spreading worms, and hidden malware--have outpaced the advances, leaving computer systems and networks across industries more vulnerable than ever.

What can businesses and Uncle Sam do, together, to reverse this dangerous trend? There must be three areas of immediate focus. First, the public and private sectors need to share more information--more parties must be included and new platforms used. Second, they must pay more attention to defending against attacks that threaten critical IT infrastructure and even damage physical facilities. Third, their collaboration must be ratcheted up to the next level--real-time identification and response as threats occur and, more to the point, "moving security practices from a reactionary posture to one that's proactive and preemptive," says Rich Baich, leader of Deloitte's Cyber Threat Intelligence Group.

In other words, the growing number of cybersecurity "partnerships" being established between the federal government and the business community are more than a one-way street. The feds may be driving the effort through initiatives such as Homeland Security's 2009 National Infrastructure Protection Plan, developed in response to a presidential directive, but companies stand to benefit from the more resilient cyber defenses that result from such collaboration.

The feds have defined 18 infrastructure areas considered essential to national interests. They include the agriculture, banking, chemical, and defense industries, as well as government facilities. The goal is to protect the computer systems and networks that serve those vital sectors from increasingly sophisticated threats, including those launched by hostile actors such as terrorist organizations and rogue nations.

Even the Department of Defense is looking to work with the private sector. When Deputy Secretary of Defense William Lynn recently outlined the DOD's plans for bolstering its cyber defenses, he called for increased cooperation with industry. "With the threats we face, working together is not only a national imperative, it's one of the great technical challenges of our time," he said in February at the RSA Conference in San Francisco.

Over the past two years, the DOD has developed "active defenses" that use sensors, software, and signatures to protect its military networks. Next, Lynn said, the agency will make its cyber capabilities available to the private sector "to help protect the networks that support government operations and critical infrastructure," such as the power grid, telecommunications networks, and defense contractor systems.

Several organizations have laid the groundwork for increased collaboration on cybersecurity. Since 2003, the U.S. Computer Emergency Readiness Team (US-CERT) has been providing updates on threats to industrial control systems and other computing infrastructure. The 42,000 members of InfraGard, a partnership between the FBI and the private sector that dates back to 1996, are devoted to creating "actionable intelligence" for infrastructure protection.

Much of the activity revolves around information sharing in key industries. For example, the National Council of Information Sharing and Analysis Centers supports threat response for companies in financial services, healthcare, public transportation, and a handful of other industries.

Information sharing is important, but it's not enough. Scott Charney, VP of trustworthy computing with Microsoft, calls information "a tool, not an objective."

Industry-specific initiatives are evolving into something more substantial. The Financial Services Sector Coordinating Council, whose members include Bank of America, Citigroup, Morgan Stanley, and Visa, coordinates the protection of IT and other infrastructure operated by banks, insurance companies, and other financial institutions. The council does that work in collaboration with the departments of Homeland Security and Treasury, and in December it took things a step further via a memorandum of understanding with the National Institute of Standards and Technology, Commerce Department, and Homeland Security that paves the way for financial firms and government agencies to work together on the development of cybersecurity technologies and test beds.

Milestones in Critical Infrastructure Protection
