04:40 PM

Why Cybersecurity Partnerships Matter

The public and private sectors must collaborate in new ways to ward off dangerous threats to critical systems and IT infrastructure.

Hub Of Activity

Homeland Security's National Cyber Security Division (NCSD), which includes US-CERT and the National Coordinating Center for Telecommunications, is a hub of activity for these joint efforts. IT personnel from the private sector routinely work within the division's National Cybersecurity and Communications Integration Center, which opened in 2009. During a tour of the facility last year, InformationWeek learned that NCCIC had been in touch with Facebook and Twitter about possible attacks on their sites.

The center is establishing ties with 18 industries that it deems critical, including telecom and energy, as a way to keep lines of communications open and provide assistance where needed. A group within NCSD that concentrates on attacks against critical infrastructure took the lead in the government's investigation last year of the Stuxnet worm, which infected thousands of specialized computers in Iran, Indonesia, India, and elsewhere, according to Symantec. NCSD also led Cyber Storm III, a war game in which dozens of companies participated.

During the past year, some of the tech industry's biggest players have worked with the feds to investigate cybersecurity incidents. Microsoft, for instance, engaged CERT teams to take down the Waledec botnet, which infected tens of thousands of Windows-based computers worldwide. About that same time, Google reportedly turned to the National Security Agency to analyze a security breach of its systems that originated in China.

At the Pentagon, DOD officials now meet "regularly" with their counterparts at technology and defense companies to identify vulnerabilities and get ahead of threats, according to Deputy Secretary Lynn.

The Challenges

While the benefits of public-private partnerships are clear, the challenges are pervasive: a lack of trust between parties; laws and regulations that discourage full disclosure of information; the vested interests of security vendors; fear of bad publicity and customer backlash; and silos and turf wars within government agencies.

New rules of engagement are needed to break down those barriers. Incidents such as last year's leak of government documents on WikiLeaks and the penetration of Nasdaq servers by unknown attackers could have and should have been prevented. "Open source"--that is, open to all--data consolidation, analysis, and remediation efforts are what's needed.

The opportunity is in harnessing a wider array of perspectives and ideas than happens now with a closed loop of participants. We know it's possible because we do it already with software and hardware vulnerabilities in the form of the Common Vulnerability and Exposures, or CVE. With Mitre as the editor and numbering authority for CVE identifiers, data gets collected and used across the industry.

William Lynn, Department of Defense
"Working together is one of the great technical challenges of our time." --William Lynn, Department of Defense
What more can be done to improve cybersecurity? I argue for these next steps in public-private collaboration:

>> Establish real-time events tracking across organizations and sectors of the economy. We have the technology and the knowledge to identify an increase in threat activity or behavior across systems. Let's use them.

>> Conduct intelligent activity analysis, also in real time, to identify where threats originate, their targets, and their activity and behavior.

>> Identify and share the sources of abnormal and malicious traffic.

>> Establish an organization of vendors, businesses, and researchers that develops capabilities for dynamic defense and response.

Imagine what researchers and engineers could do if these pieces were put into place. Internal security teams could batten down the hatches quickly, while security vendors could immediately incorporate the necessary changes in their products and push out patches and updates.

But how to begin? There are two existing models outside of the security industry for how this might work. One is a stock exchange, which serves as a clearinghouse for transactions and a hub of market and economic information. There's also the example of the National Weather Service, where data gets shared and repurposed widely by third parties that use it to create value for their customers. If we can track financial transactions by the billions and forecast weather events days in advance, we should be able to get a better handle on cyberthreats as well.

We need to muster our creativity and entrepreneurial mojo to come up with workable solutions. Stuxnet exemplifies the risks we face. The worm was aimed at industrial control systems, which run the gamut of critical infrastructure, from nuclear power plants to oil refineries. It was built with great care to stealthily embed into systems, propagate, and update by "phoning home."

2 of 4
Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Current Issue
Dark Reading Tech Digest September 7, 2015
Some security flaws go beyond simple app vulnerabilities. Have you checked for these?
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-12
vpxd in VMware vCenter Server 5.0 before u3e, 5.1 before u3, and 5.5 before u2 allows remote attackers to cause a denial of service via a long heartbeat message.

Published: 2015-10-12
The JMX RMI service in VMware vCenter Server 5.0 before u3e, 5.1 before u3b, 5.5 before u3, and 6.0 before u1 does not restrict registration of MBeans, which allows remote attackers to execute arbitrary code via the RMI protocol.

Published: 2015-10-12
Cisco Unified Computing System (UCS) B Blade Server Software 2.2.x before 2.2.6 allows local users to cause a denial of service (host OS or BMC hang) by sending crafted packets over the Inter-IC (I2C) bus, aka Bug ID CSCuq77241.

Published: 2015-10-12
The process-management implementation in Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2 allows local users to gain privileges by terminating a firestarter.py supervised process and then triggering the restart of a process by the root account, aka Bug ID CSCuv12272.

Published: 2015-10-12
HP 3PAR Service Processor SP 4.2.0.GA-29 (GA) SPOCC, SP 4.3.0.GA-17 (GA) SPOCC, and SP 4.3.0-GA-24 (MU1) SPOCC allows remote authenticated users to obtain sensitive information via unspecified vectors.

Dark Reading Radio
Archived Dark Reading Radio
What can the information security industry do to solve the IoT security problem? Learn more and join the conversation on the next episode of Dark Reading Radio.