3/16/2011 04:40 PM

Why Cybersecurity Partnerships Matter

The public and private sectors must collaborate in new ways to ward off dangerous threats to critical systems and IT infrastructure.

Hub Of Activity

Homeland Security's National Cyber Security Division (NCSD), which includes US-CERT and the National Coordinating Center for Telecommunications, is a hub of activity for these joint efforts. IT personnel from the private sector routinely work within the division's National Cybersecurity and Communications Integration Center, which opened in 2009. During a tour of the facility last year, InformationWeek learned that NCCIC had been in touch with Facebook and Twitter about possible attacks on their sites.

The center is establishing ties with 18 industries that it deems critical, including telecom and energy, as a way to keep lines of communications open and provide assistance where needed. A group within NCSD that concentrates on attacks against critical infrastructure took the lead in the government's investigation last year of the Stuxnet worm, which infected thousands of specialized computers in Iran, Indonesia, India, and elsewhere, according to Symantec. NCSD also led Cyber Storm III, a war game in which dozens of companies participated.

During the past year, some of the tech industry's biggest players have worked with the feds to investigate cybersecurity incidents. Microsoft, for instance, engaged CERT teams to take down the Waledac botnet, which infected tens of thousands of Windows-based computers worldwide. About that same time, Google reportedly turned to the National Security Agency to analyze a security breach of its systems that originated in China.

At the Pentagon, DOD officials now meet "regularly" with their counterparts at technology and defense companies to identify vulnerabilities and get ahead of threats, according to Deputy Secretary Lynn.

The Challenges

While the benefits of public-private partnerships are clear, the challenges are pervasive: a lack of trust between parties; laws and regulations that discourage full disclosure of information; the vested interests of security vendors; fear of bad publicity and customer backlash; and silos and turf wars within government agencies.

New rules of engagement are needed to break down those barriers. Incidents such as last year's leak of government documents on WikiLeaks and the penetration of Nasdaq servers by unknown attackers could have and should have been prevented. "Open source"--that is, open to all--data consolidation, analysis, and remediation efforts are what's needed.

The opportunity is in harnessing a wider array of perspectives and ideas than happens now with a closed loop of participants. We know it's possible because we do it already with software and hardware vulnerabilities in the form of the Common Vulnerabilities and Exposures list, or CVE. With Mitre as the editor and numbering authority for CVE identifiers, data gets collected and used across the industry.

"Working together is one of the great technical challenges of our time." --William Lynn, Department of Defense
What more can be done to improve cybersecurity? I argue for these next steps in public-private collaboration:

>> Establish real-time events tracking across organizations and sectors of the economy. We have the technology and the knowledge to identify an increase in threat activity or behavior across systems. Let's use them.

>> Conduct intelligent activity analysis, also in real time, to identify where threats originate, their targets, and their activity and behavior.

>> Identify and share the sources of abnormal and malicious traffic.

>> Establish an organization of vendors, businesses, and researchers that develops capabilities for dynamic defense and response.

Imagine what researchers and engineers could do if these pieces were put into place. Internal security teams could batten down the hatches quickly, while security vendors could immediately incorporate the necessary changes in their products and push out patches and updates.

But how to begin? There are two existing models outside of the security industry for how this might work. One is a stock exchange, which serves as a clearinghouse for transactions and a hub of market and economic information. There's also the example of the National Weather Service, where data gets shared and repurposed widely by third parties that use it to create value for their customers. If we can track financial transactions by the billions and forecast weather events days in advance, we should be able to get a better handle on cyberthreats as well.

We need to muster our creativity and entrepreneurial mojo to come up with workable solutions. Stuxnet exemplifies the risks we face. The worm was aimed at industrial control systems, which run the gamut of critical infrastructure, from nuclear power plants to oil refineries. It was built with great care to stealthily embed into systems, propagate, and update by "phoning home."
