Collaborative Defense in depth: Establishing trust, consistency and value

November 16, 2016

The Advanced Cyber Security Center’s annual conference incuded a breakout session exploring the concept of “Collaborative Defense.”

Moderator:

Gary Gagnon, Senior Vice President Cyber and Group Security, Inmarsat

Panelists:

Don Anderson, Senior Vice President & Chief Information Officer, Federal Reserve Bank of Boston
Mike Brown, Rear Admiral, USN (Retired), Vice President and General Manager, RSA Global Public Sector, RSA
Brian Castagna, Senior Director Information Security, Acquia
Matt Richard, Threat Detection and Intelligence Manager, Facebook

Key themes:

Expanding the concept and breadth of collaborative defense

The focus on capabilities (this is where we are here today) need to evolve toward focusing on needs in a new paradigm:

• Bringing people together in context where security/trust is well understood

• Public and private together, putting it all on the table to develop roles and responsibilities

Cloud-based: what does that mean collaborative defense-wise

• Keeping with castle and moat analogy, 3rd party providers are bridges over moat

• Forensics process becomes more complicated with all those bridges

Dependence on personalities within web of trust

• All the resources and time to build that web are wasted when personnel changes

• Breach of competitor affects customer trust of entire sector, not just the competitor

Justifying effort into building relationships and trust in small shops

• Individual networking doesn’t scale

• Operationalizing capability derived from collaborators coming together

• Success cases usually have a big win first collaboration moment

Choosing a platform to share on

• No silver bullet. What are the public/private entities that are important to my mission? Identifying organizations to turn to

• Large-scale sharing is hard to do, even with lots of resources and tools

Metrics

• Do I know more because of my collaboration? = big question

• Are there unique outcomes due entirely to collaboration? = “Gold standard”

• Produce more than what you consume = goal as a collaboration partner

Key takeaways

• Share everything (software, tools, indicators, etc.)

• Trust is key

• No one-size fits all ISAC. Journey doesn’t stop after joining just one

• Continue to evolve concept of collaborative defense