Dark Reading is part of the Informa Tech Division of Informa PLC


Threat Intelligence

4/11/2018
02:00 PM
Paul Kurtz
Commentary

Stopping Cyber Madness: Why the Private Sector Must Lead the Fight

The government's ability to help secure the Internet will be limited given the light speed of the Internet versus the slower pace of government. That's why stopping the madness begins with the private sector.

As long as adversaries can spend $1 on a campaign and force us to spend $10 to protect ourselves, enterprises will lose the war on cybercrime. In the Cold War, the US bled the Soviets dry through a military buildup and Reagan's Star Wars initiative. The Russians and others are now using a similar strategy to financially drain the US public and private sectors in cyberspace.

As the news cycle is inundated with alerts about attacks against our critical infrastructure, cities, and universities, the US Cyber Command has responded with a new "Command Vision." The document provides a sobering read. My attention was drawn to one quote in particular:

Adversaries continuously operate against us below the threshold of armed conflict. In this "new normal," our adversaries are extending their influence without resorting to physical aggression. They provoke and intimidate our citizens and enterprises without fear of legal or military consequences.

While Command Vision sets objectives for the military to regain ground, it is clear that the private sector is also in the crosshairs. State-sponsored and criminal organizations have realized there is little chance of real legal or financial consequences for the foreseeable future. Russia, Iran, and North Korea have found our Achilles' heel. Even worse, they've identified our cyber infrastructure as a vulnerability that is cheap to exploit and makes billions.

But what is the Achilles' heel of cybercriminals? It's that they're lazy. They use advanced persistent infrastructure and tend to reuse tactics, techniques, and procedures over and over again.

Rather than building taller silos of data that become even bigger targets for criminals, US public and private sectors must similarly seek to expand their reach with limited resources. By unifying around common means of intelligence exchange and collaboration, US companies can increase their visibility into events in real time while keeping costs low. Without effective methods to exchange cyber intelligence, enterprises play victim to attackers' strengths, continuing to build and protect larger data troves with common, single points of failure. As Command Vision states, "We should not wait until an adversary is in our networks or on our systems to act with unified responses across agencies regardless of sector or geography." The same applies to the private sector.

Since 1998, when President Bill Clinton signed Presidential Decision Directive 63, we have been on a quest to fuse data and collaborate. In 2015, Congress enabled organizations to work with each other more easily through the passage of the Cybersecurity Act. In May 2017, President Donald Trump called out the importance of information sharing in his Executive Order on Strengthening the Cyber Security of the Federal Government and Critical Infrastructure. Only now, with the growing frequency and severity of attacks, are the government and the private sector beginning to understand the requirement of collaboration. The Department of Homeland Security has begun to make more detailed information available to the private sector through its Critical Information Sharing Collaboration Program (CISCP), and TruSTAR has seen our customers eagerly participate in these efforts. This is a start, but far more work is necessary.

Enterprises and sharing organizations like the Columbus Collaboratory, the Cloud Security Alliance, and CyberUSA are starting to connect through common collaboration platforms to enable parties to exchange data about suspicious events while retaining control over their data. Sector-based organizations are adopting such technology as well, including the IT and retail sectors. These platforms go beyond threat intelligence and fuse disparate data sets related to fraud and physical security events. Shared technology infrastructure enables companies to work from the inside out, streamlining workflows and creating collaborative bonds within an organization first and moving on to supply chain partners, peers, and entire sectors such as IT and retail.

What's Next?
Joshua Cooper Ramo, in his book The Seventh Sense, notes that government's ability to help secure the Internet will be limited given the light speed of the Internet versus the pace of government's ability to act. Stopping the madness begins with the private sector today.

Paul Kurtz will be headlining Dark Reading's Cybersecurity Crash Course, May 1, at Interop ITX.

Paul Kurtz is the CEO and cofounder of TruSTAR Technology. Prior to TruSTAR, Paul was the CISO and chief strategy officer for CyberPoint International LLC where he built the US government and international business verticals. Prior to CyberPoint, Paul was the managing partner ...