Collaborative defense, the shift from ‘what’ to ‘how’
November 3, 2016
Boston—Cybersecurity experts and those new to the space gathered together at the Federal Reserve Bank to join the Advanced Cyber Security Center (ACSC) for Massachusetts Cybersecurity 2.0: Preparing for the Next Wave of Cyber Challenges.
Whether it’s securing self-driving cars, cloud computing, or exposing criminals in the Darknet, the industry will face many challenges in the near and distant future. Cybersecurity leaders across all sectors are struggling to understand the most effective ways to share threat data without creating additional harm.
The focus of this year’s ACSC conference was the value of information sharing as a means of helping others defend against malicious cyber activity.
After a welcome by Kenneth C. Montgomery, first vice president and chief operating officer, Federal Reserve Bank and vice chair, ACSC, a panel took the stage to discuss, “The case for collaborative defense: Beyond threat sharing.”
Moderator William Guenther, chairman, CEO and founder, Mass Insight Global Partnerships, and chair, ACSC, posed the question of how collaboration can benefit security practitioners before, during, and after an incident.
Across the larger enterprises and government entities, there are indeed some fantastic intelligence teams. Those intelligence teams and operations teams could be beneficial to the industry at large, and to SMBs in particular.
Still, there are legal impediments to collaboration and information sharing that need to be considered. “The better educated legal teams can be, the better they are going to understand the liability of risk,” said Michael Darling, director, cybersecurity and privacy, PwC.
For most events, there is not a lot that can help in the middle of an incident response. “If you did a good job of the proactive piece, then your incident response time shrinks to minutes or hours instead of months or years,” Darling said.
Keynote speaker Richard Puckett, vice president, cybersecurity, product and commercial security at GE Digital, said that security practitioners have two goals. “Either make incidents not happen or make them less bad.”
Accepting that incidents will happen has become commonplace, so the best they can do pre-incident is a thorough self-examination. Look at the existing controls and policies and ask, “Have I segregated? What are the best practices associated with that? In the pre-incident phase, there is forensic sharing to help with understanding techniques,” Puckett said.
Differing slightly from the opinion of his panel colleagues, Puckett said, “During an incident there is an opportunity for shared purchasing power. Can you make it cheaper because you have a prearranged retainer and you bought it in bulk?”
Where collaborative defense has great value, though, is in the aftermath of an attack. After discerning not only the ‘what’ but the ‘how’ of the events, the response can then serve as a model to guide industry peers within or across sectors.