The National Cybersecurity Strategy released earlier this year calls for technology providers to take greater responsibility for protecting computer systems, rather than relying on individuals and small businesses to shoulder the risk. However, public-private partnerships also have the potential to offer equal footing to organizations that may not have the resources of larger companies. Such partnerships can, if done well, democratize information and strengthen the security posture of all companies.
Most cybersecurity measures are designed for large tech firms with financial and cybersecurity staff and expertise to defend and mitigate breaches. However, smaller companies without similar resources are particularly vulnerable to such attacks, which can easily destroy their businesses. The liability shift proposed in the National Cybersecurity Strategy will help repair this trickle-down cost burden. However, it is better information sharing that will level the playing field across the industry.
The Cybersecurity Information Sharing Act (CISA) of 2015 has increased the amount of exchange of cyber-threat information between the government and the private sector. The private sector reports cyber incidents, and the government shares cyber-threat information. Although some private organizations are hesitant to share information because of legal or regulatory concerns or fear that information may be misused, security vendors and researchers are more motivated to participate.
The argument in favor of working with a smaller number of larger vendors is that it will minimize the chance of leaks while protecting the most people because they will have more threat intelligence to share. However, making research collaborations more inclusive would not only level the playing field between vendors, but also increase the diversity of threat intel sources and apply more human expert intelligence to addressing cybersecurity problems. The industry will have better collective defenses if it is less siloed with its information-sharing processes.
Security researchers are sharing information and resources on a grassroots level, applying their knowledge to help defensive teams. Researchers are also helping each other make better use of tools like YARA, which was created to enable malware research. These collaborations and exchanges strengthen the ecosystem and advance the field of learning in a space where attackers have the clear advantage.
The National Cybersecurity Strategy also suggests using technology solutions to enable collaboration and data exchange for defensive efforts, such as machine-to-machine data sharing and security orchestration. However, most organizations are currently overwhelmed by data and struggle to operationalize their threat intelligence. Therefore, increasing the volume of data is not necessarily the solution, but rather, enabling businesses to analyze data and make it actionable.
In conclusion, the National Cybersecurity Strategy is a bold plan and call-to-action to address cybersecurity issues that put our country at risk. Public-private information sharing is critical to enable organizations, private businesses, and government to protect the data and systems on which our economy and public safety rely. To be more effective, collaboration should be inclusive and representative of the security industry as a whole.
<< photo by Mati Mango >>
