6/24/2014 12:00 PM
Crowdsourcing & Cyber Security: Who Do You Trust?

A collective security defense can definitely tip the balance in favor of the good guys. But challenges remain.

As the interconnectedness of our society in cyberspace has grown exponentially, virtually every aspect of industry has become dependent on cyber networks and therefore on network security. This interconnectedness has increased the need for shared risk, and today communities of organizations must work more collaboratively. Many question whether this is really possible. I would argue that it is, and that there is real progress in the crowdsourcing of cyber security.

Sharing expertise and threat intelligence within the "commons" -- resources affecting an entire community -- enhances the ability of the good guys to respond to the bad guys. Rather than operating in isolated silos, the "sharing" -- sourcing from the crowd -- enables a collective defense that, though not tipping the balance totally in favor of the good guys, certainly improves the potential for a more powerful defense.

The challenge, of course, is how to source from the crowd when trust and transparency are the watchwords of cyber security. How do you ensure the veracity of submissions ("attribution"), represented as the work of good guys and not a potential "Trojan Horse," in a world where anonymity is the norm and may in fact be a legal requirement? How do you establish an audit trail of accountability to ensure trust and transparency? How do you create an incentive system that rewards contributions from the best and brightest?

The "how" is a work in progress, but there are three active, representative efforts that hold promise for harnessing the creative skills of the broader cyber community, at least to raise the barriers against cyber attacks.

Special interest collaborations
Groups of like-minded organizations and individuals are coming together for collaboration around a specific threat or within a defined community.

The Conficker Working Group was formed in late 2008 by a coalition of security researchers for the express purpose of pooling intelligence and expertise to defend against the Conficker malware. The effort was noteworthy not only for its effectiveness but also for the unprecedented cooperation between private- and public-sector organizations and individuals from around the world.

The Financial Services Information Sharing and Analysis Center (FS-ISAC) was launched in 1999, prompted by a 1998 presidential mandate to share information about physical and cyber security threats and vulnerabilities between the public and private sectors in order to protect the US financial community and its critical infrastructure.

FS-ISAC represents a community of trust in which the organization continually collects, analyzes, vets, and disseminates relevant threat intelligence to its participating members. This was initially a US-focused effort, but in 2013 the FS-ISAC board of directors approved a charter amendment allowing information to be shared with financial organizations around the globe. Its recently completed Critical Infrastructure Notification System (CINS) allows the organization to deliver threat notifications and alerts to multiple recipients around the globe nearly simultaneously, while providing for user authentication and delivery confirmation.

"White hat" hired guns
For a number of years, leading technology companies such as Google, Facebook, and PayPal have managed programs where qualified white-hat hackers (and, in some cases, employees) work to detect product and network vulnerabilities in exchange for bounties. These programs have worked not only by internalizing the cat-and-mouse game of cyber attacks in a controlled environment, but also by providing a financially viable alternative to criminal activity for young engineers who are attracted to the technology challenges of hacking but might otherwise be drawn to the "dark side."

A team of former NSA researchers recently formed a Silicon Valley company called Synack. It responds to the rapidly growing community of corporations that want to find a trusted way to source the creative ability to identify and isolate vulnerabilities in their infrastructure but lack the resources and expertise to manage a highly vetted process themselves. Building on extensive career experience, the Synack team has created a network of hundreds of vetted and trusted cyber engineers who are made available to clients for vulnerability remediation on an ongoing subscription, leveraging a "pay for success" model. To ensure trust, Synack actively monitors its community of analysts. The financial services, healthcare, and e-commerce industries are among the early adopters of Synack's Crowd Security Intelligence offering.

Shared threat intelligence
A number of companies, such as AlienVault, Threat/Stream, and CloudFlare, collect threat intelligence from a spectrum of sources and package it for distribution to customers, often as part of an integrated security management platform. Through the collection, aggregation, and vetting process, these vendors look to impart trust to the intelligence they share, which would otherwise come with little transparency. Once again, the intent is to facilitate the sharing of experiences and knowledge within the user community, enabling agility and compressing time to discovery for cyber threats.

There is a great deal of interest in, and activity around, delivering on the full potential of crowdsourcing to meet dynamic and rapidly evolving cyber security threats. At the same time, it's wise to note that our cyber adversaries have always been at the leading edge of innovative techniques for identifying, harnessing, and directing engineering creativity to achieve their nefarious objectives. In this regard, crowdsourcing may simply be another front in the cyber security wars.

Robert R. Ackerman Jr. is the founder and a Managing Director of Allegis Capital, an early-stage Silicon Valley venture capital firm that invests heavily in cyber security. Allegis cyber security portfolio companies include IronPort Systems (acquired by Cisco), Solera ...

Comments
Marilyn Cohodas, User Rank: Strategist, 6/24/2014 | 3:57:35 PM
Good overview on pluses & minuses of crowdsourcing cyber security
Nice blog, Bob. I wonder if you'd care to expand on which "hows" you mention present the greatest challenges for crowdsourcing security. They also sound quite formidable to me!
RetiredUser, User Rank: Ninja, 6/25/2014 | 1:38:34 AM
From FOSS Came Crowdsourcing
Well, maybe crowdsourcing wasn't strictly born from the Free and Open Source Software (FOSS) communities, but it's improved because of them, I believe. I also believe strongly in this model, and I would argue that all along, hackers have been doing this, albeit some on the cyber crime side of things. Often the "everyman" of the enterprise community needs to evolve to think more like the dark side. I wouldn't say that crowdsourcing is beating the enemy because it is a superior methodology to what the hacker and cracker communities (yes, and old ones, at that) are doing, but rather it is moving computer internet security forward because the enterprise is finally catching up with the enemy.

As systems, component applications, their source code and vulnerabilities become more "open" (apologies to Richard Stallman for using the "o" word), everyone is empowered through the ability to make improvements, fix vulnerabilities and share the burden across the community. One of the killers of the old guard of enterprise models was that everything was closed off, and while each IT silo was on its own, crackers and hackers the world over were sharing tech, exploits and trading anecdotes, strengthening the community and making it more deadly.

About time we got on board and evolved to their level.
RyanSepe, User Rank: Ninja, 6/29/2014 | 5:58:02 PM
Re: From FOSS Came Crowdsourcing
I agree with you and have alluded to many of the same principles in another article posted. A higher emphasis needs to be put on penetration testing from a party that does not have malicious intent. Many of the security safeguards today are preventative or corrective, meaning that they are both, to some capacity, reactive.

As you say, we need to think like the "dark side" and try to uncover threats and new intrusion methodologies before users of malicious intent do. This is one of the only ways I can see us alleviating some of the potential dangers of zero days.