Hack victims urged to share the gory details

September 12, 2013

Colin Neagle

Advanced Cyber Security Center fosters voluntary information sharing among private organizations as a way of staying ahead of the bad guys

It may be difficult to remember now, but not too long ago, cyberattacks rarely made headlines in mainstream news. That's not to say that these advanced persistent threats, sometimes state-sponsored or the product of organized crime, were uncommon. On the contrary, they were booming. It was just that few people liked to talk about them.

Bill Guenther, the chairman, CEO and founder of Mass Insight Global Partnerships in Boston, recalls the bleak cybersecurity outlook in 2008. At the time, Mass Insight had teamed with McKinsey on a survey that found that, for many of the organizations, the most valuable information about recent cyberattacks was often the safest to share. The organizations that had suffered attacks could release the evidence of specific attacks, such as the signatures the attackers leave behind, without giving away sensitive information about their operations.

However, at the time, there was one problem: no one wanted to share that information, even though the attackers had been sharing all along.

“The bad guys share information informally, sometimes formally. There are auction markets for tools and resources and attack strategies,” Guenther says. “And the good guys, each of them had a piece of the puzzle, but nobody was seeing the whole puzzle, and there was real value in sharing information.”

So, in 2008, Mass Insight Global Partnerships launched the Advanced Cyber Security Center (ACSC), a nonprofit, cross-sector consortium of Massachusetts-based organizations designed to foster voluntary cyberthreat information sharing. At the time, asking private organizations to share information about their cybersecurity and vulnerabilities meant asking them to change how they handled security in general.

“We’re talking about human behavior here,” Guenther says. “And we’re basically talking about how you change incentives from an incentive to run a closed shop to one to run a slightly opened shop within a protected circle.”

Beyond the trust issue, a big obstacle the ACSC has seen is a reluctance to adopt a new mentality regarding cybersecurity, Charlie Benway, the organization’s executive director, says.

“What’s happening from a bigger-picture perspective is there’s a shift in paradigm going on in cybersecurity, and there’s a maturity spectrum here, and some folks are still at the beginning of the maturity curve, where it’s the old philosophy of ‘I have to set up firewalls, I have to keep people out and I’ve got to do my patches, and that’s what I need to do,’” Benway says.

In the past few years, mainstream media has caught on to major cyberattacks. That publicity has led many organizations to accept the fact that they may not be able to prevent every attack, Benway says. This shift in paradigm led many CISOs to acknowledge that they may be better off gaining as much intelligence on the attackers and their methods as possible. Instead of approaching security from the perspective of vulnerabilities, the ACSC advocates focusing on the threats.