Ways to Overcome Information Sharing Distrust

Posted by Marbenz Antonio on November 8, 2022

RSA Conference: H-ISAC, Microsoft, 30+ Others Sign Cyber Risk Management  Pledge

It has never been more important for governments and private organizations to communicate to identify, analyze, and prevent attacks as cyber threats grow in frequency and severity worldwide. However, Information Sharing Distrust poses a significant challenge to effective collaboration in cybersecurity efforts.

The reality is less than impressive, although the federal government has strongly supported sharing private-public information. Many businesses think that data sharing is too one-sided because they provide as much threat data to governments as they like while getting almost little in return.

Is it still difficult and impossible to share information with private organizations, as it originally was, or have government entities like the FBI and CISA made significant changes?

Information Sharing Distrust: Private-Public Intel Sharing — What Changed Since 2021?

Lots of new cyber threats appeared in 2022, many of which are connected to the conflict between Russia and Ukraine. The trust in government cybersecurity collaboration has remained low despite the growing number of threats.

This 2021 article questioned the government’s capacity or willingness to handle some significant security-related questions, including:

  • Where was the data found?
  • Who was the attacker?
  • How was the attack uncovered?
  • What defensive measures were in place at the time of the attack?
  • What details are shareable versus what could prompt a secondary attack?

In 2022, has the situation changed? Also still, the outlook is not excessively hopeful despite some promising signs.

According to an oversight report issued by the Office of Inspector General at the Department of Homeland Security (DHS), the government entities failed to provide sufficient context and information about the cyber threat data they shared with third parties.

“Most of the cyber threat indicators did not contain enough contextual information to help decision-makers act. We attribute this to limited AIS functionality, inadequate staffing, and external factors,” the report states.

Government agencies appear to be failing to give the private sector clear, contextually relevant, and important information that may help them improve their security postures and take the proper defensive action, despite the assault of new cyber threats.

Information Sharing Distrust: Private-Public Information Sharing in the Global Sphere

Major cyber events may have lessened some of the distrust between sectors in the face of these challenges.

The Ukraine war, which started in early 2022, raised numerous new security issues for both public and commercial entities. The increased threat prompted the government to give private enterprises access to intel primary consideration.

Director Christopher Wray of the FBI promised to collaborate more closely with the business sector in a statement released in March.

“Today, with the ongoing conflict raging in Ukraine, we’re particularly focused on the destructive cyber threat posed by the Russian intel services, and cybercriminal groups they protect and support. We have cyber personnel working closely with the Ukrainians and our other allies abroad, and with the private sector and our partners here.”

The statement’s specific acknowledgment of the importance of the private sector’s contribution to national cybersecurity was reassuring:

“The biggest difference between the model we built to fight terrorism and the way we battle cyber threats is the importance of the private sector. Private networks, whether they belong to a pipeline operator, some other kind of victim, or an Internet service provider, are most often the place we confront adversaries. We share information with the private sector whenever we can through one-on-one outreach, through cyber threat bulletins, and through our many partnerships.”

Although these statements are a positive move, it is still too early to tell whether they will result in actual business actions. To that end, ISAC involvement is a helpful indicator in this case.

ISAC Participation is Up

Information Sharing Distrust and Analysis Centers, or ISACs, are organizations created to provide a place for gathering and sharing data on important cyber threats. The goal is to make it simpler for the public and private sectors to share data. A shift toward a healthier, more productive, and equal intelligence-sharing relationship could be suggested by increased engagement of the private sector in these organizations.

The news appears to be positive on the surface. The number of ISACs is steadily increasing, and new ones are routinely introduced. Supposedly, this is a strong foundation for greater intel-sharing cooperation between the public and private sectors, but what is happening?

Inadequate Information Weakens Cooperation

The government’s lack of further information and direction when reporting threats has been one of the problems with intelligence sharing in the past.

Governments sometimes share information regarding the existence of a particular threat without offering any suggestions for how to handle or eliminate it. Unfortunately, in 2022, the complaint is still useful.

The insight report from the Department of Homeland Security says that CISA didn’t always provide enough data to help private businesses successfully solve vulnerabilities.

The report noted that “deficiencies in the quality of threat information shared among AIS participants may hinder the federal government’s ability to identify and mitigate potential cyber vulnerabilities and threats.”

What Can Be Done Immediately to Advance Private-Public Threat Intelligence Sharing?

What does the future therefore hold? Plans to improve information sharing have been mentioned by CISA. the DHS report says:

“During the past 18 months, CISA’s Cybersecurity Division has added additional contractual resources to better support information sharing and is also assessing a longer-term approach to allocate resources to fully support this critical mission area.”

The project is planned to be finished on January 31, 2023.

If information exchange between sectors improves, only time will tell. While government organizations offer positive signs and half-promises, the private sector is forced to make do with whatever information is available and hope it will be sufficient.

Because of legal requirements or the need to maintain a competitive edge, organizations have historically been reticent to disclose security information. However, community resources like IBM’s X-Force Exchange can encourage safer and easier collaboration.

This is what adversaries already do, so why shouldn’t the business? Better sharing procedures can always help companies in lowering threat risk, regardless of the information-sharing technique used—whether it be an ISAC or another one.

Verified by MonsterInsights