Why critical sectors share threat intelligence
If you’re a corporate cyberdefender who has just repelled a particularly clever attack, one might expect you to treat the experience like a bit of a fleeting competitive advantage – if your rivals don’t see the hackers coming, why not leverage that fact in your favor?
That’s not only the wrong way to look at the puzzle of improving the nation’s cyberdefenses but also not what companies are doing today, said a group of leaders from critical infrastructure sectors at the Security of Things Forum in Washington, D.C. in late October.
In a deeply interconnected industry, one point of weakness could cause impacts to critical systems across the network. Good threat intelligence often ceases to have a competitive advantage in the financial services sector, for example, because if one bank is compromised, it erodes public trust in all banks, said Amit Khosla, business information security officer at US Bank.
In fact, the intelligence gained in one critical industry during an attack can be invaluable when shared with another sector.
“[Critical sectors] need to have the same level of partnership [as among government agencies] to make more efficient our threat information sharing, our ability to respond and recover, the deployment of tools and technology and just the general awareness that allows for better security, better defending, better response and recovery,” says Scott Aaronson, executive director, security and business continuity at the Edison Electric Institute (EEI).
While their importance to the nation is obvious, it’s also key that sectors like water, gas, finance, transportation, electricity, telecommunications and other critical industries rely on each other to an equally significant degree.
After all, without steam to generate power, or electricity to power servers, or wires to transport data to businesses, how can modern commerce operate? Remove any link and the chain breaks.
Aaronson and Robert Mayer, VP of industry and state affairs with the United States Telecom Association, underscored the importance of having developed inter-sector information sharing relationships ahead of time, rather than having to muddle through bureaucracy and a lack of trust in the middle of a crisis.
In recent years, moments of crisis have proven the worth of organizations that facilitate threat intelligence sharing, like information security and analysis centers (ISACs).
When Ukraine’s power grid was attacked by hackers, Aaronson says the Electriciy-ISAC was able to gather and distribute good intelligence; including sending a team of experts to Ukraine to help get their problem under control, while also learning from the experience and bringing that knowledge back to North America.
These sharing regimes remain voluntary and, while it has taken time for companies to warm up to the idea, trust and value are growing to bolster these sector-specific information sharing platforms.
“There’s a difference between quality and quantity,” says Mayer.
As companies become more comfortable sharing actionable intelligence, combined with liability protections passed into law last year, it is becoming evident the culture is starting to shift. That shift, perhaps more than anything else, will change the way critical industries respond in a crisis and make their responses more effective.
Having recognized their sectors profound interdependencies, Aaronson, Khosla, and Meyer are leading an effort by their respective sector coordinating councils to develop a Strategic Infrastructure Coordinating Council to improve cross sector communication, coordination, and situational awareness before, during and after a significant incident.
“There’s a notion of North-South information sharing between industries and government-specific sectors,” says Aaronson, “but there needs to be an East-West [that goes] across sectors, too.”
