Intelligence sharing: The crucial link for cybersecurity


Jane Snowdon is chief innovation officer in IBM's U.S. federal government division.

It is estimated that 80 percent of cyberattacks against both private- and public-sector organizations are committed by organized crime rings. These rings regularly work to access protected data, reveal personally identifiable information, steal identities and wreak havoc.

As this trend shows, the world is becoming more instrumented, interconnected, and intelligent with the accelerated proliferation of smart devices. Cyber criminals are taking advantage of this trend by targeting all types of systems, including those for critical energy, financial, water, and transportation infrastructure. Sharing threat data in meaningful and impactful ways can go a long way in helping stem the tide against cybercrime rings, but it requires innovative approaches and true public-private partnership.

This was a major topic at the George Mason University-IBM-National Science Foundation (NSF) Cybersecurity Leadership and Smart Grid Conference on April 30. As part of the event, I moderated a panel, "Considerations for Securing Industrial Control Systems." During the session, we addressed how to build effective leadership and governance on cybersecurity and take a holistic view of end-to-end security. Some best practices are to:

  • Focus on human behavior and education
  • Design security in, not as an afterthought, to achieve overall resilience of a system
  • Adopt industry standards and continue to evolve them
  • Employ separation of duties between Information Technology (IT) and Operational Technology (OT)
  • Store encrypted Supervisory Control and Data Acquisition (SCADA) data
  • Embrace analytics for rapid detection and rapid response

One of the most important tools we discussed was sharing cyber intelligence information across respective industries. Most companies do not share enough threat data, even though doing so is increasingly important as cyberattacks become more frequent. In 2013, the FBI notified 3,000 U.S. companies – including small banks, major defense contractors and leading retailers – that they had been victims of cyber intrusions. These numbers are increasing because of the growing sophistication of cybercriminals: four out of five cyberattacks are conducted by criminal organizations that seamlessly share information and insights, according to the United Nations Office on Drugs and Crime.

"The increasing level of collaboration among cyber criminals allows them to compartmentalize their operations, greatly increasing the sophistication of their criminal endeavors and allowing for development of expert specialization," William Noonan, deputy special agent in charge for the U.S. Secret Service Criminal Investigative Division, said in testimony before a House subcommittee.

The annual cost of cybercrime has reached astronomical heights. Despite the Center for Strategic and International Studies estimating a global cost of $445 billion, organizations are not responding with equally effective and collaborative defenses. Enterprise Strategy Group found that more than half of in-house cybersecurity teams use multiple sources of trusted and untrusted external intelligence to fight attackers.

Companies and government can help reverse this trend. IBM's X-Force Exchange, a new cyber threat intelligence sharing platform, is just one of many examples of the types of tools needed to combat cybercrime.

Also, the Department of Energy's Cybersecurity Risk Information Sharing Program has a vision for a trusted bi-directional information sharing partnership with its energy sector partners by 2019 to enhance the security of energy sector infrastructure systems and to improve the U.S. Government's near real-time situational awareness. Rapidly sharing cyber threat indicators like this is key to helping companies and governments protect private information, and to providing insight into threats that they would not have seen otherwise.

Protection of data is additionally enhanced when this information is joined with advanced analytics. Since cyber attackers can no longer be blocked solely with firewalls, the real-time detection of security events within an organization's infrastructure is a key element of network defense. Active monitoring, correlated events, integrated reporting, and global threat intelligence are required to improve visibility of potential threats and mitigate risk.

Both Congress and the Obama administration are taking positive steps to help organizations better share cyber threat intelligence in real time, enhancing the protection of their information and that of their employees. This will be helpful as the Internet becomes more complicated: by some estimates, the Internet of Things (IoT) will grow to 30 to 50 billion connected devices by 2020. Organizations across industries must grasp the scale of the IoT transformation that will occur over the next decade, the pressing problem of increasingly complex and sophisticated cyber threats, and the evolving risk of connected systems.

For organizations to truly grasp this, they must continue finding innovative ways to share cyber threat data without compromising privacy.
