When the North Atlantic Treaty Organization — NATO — wrapped up its
summit in Wales earlier this month, the member-states issued a lengthy
communique expressing solidarity on major defense challenges. One of
the challenges mentioned was cybersecurity. The alliance stated that
“cyber defence is part of NATO’s core task of collective defence,”
presenting concerns so severe that they might lead to invocation of
Article Five of the North Atlantic Treaty — the article calling on all
members to come to the defense of a threatened nation. The communique
went on to stress that “strong partnerships play a key role in
addressing cyber threats and risks,” and committed alliance members to
intensified cooperation in pursuit of integrated solutions.
It isn’t hard to see why NATO is worried about threats in cyberspace, given Russia’s recent use of on-line attacks against Ukraine and other countries in a style of combat that has come to be called “hybrid warfare.” However, a report by the Pentagon’s prestigious Defense Science Board released last year suggests that the cyber challenge reaches far beyond the use of botnets and distributed denial-of-service tactics. Describing the extensive vulnerability of U.S. military forces to cyber assault, the report then observed,
The impact of a destructive cyber attack on the civilian population would be even greater with no electricity, money, communications, TV, radio or fuel (electrically pumped). In a short time, food and medicine distribution systems would be ineffective; transportation would fail or become so chaotic as to be useless. Law enforcement, medical staff, and emergency personnel capabilities could be expected to be barely functional in the short term and dysfunctional over sustained periods.
These sustained periods, the science board stated, might last “months or years” as government and industry sought to rebuild damaged infrastructure — a possibility that led the panel to compare the specter of state-sponsored cyber attacks to the threat of nuclear war. So if you think that 56 million payment cards being compromised at Home Depot is about as bad as cyber threats can get, think again. Civilians and soldiers alike have hardly begun to experience how destructive the coming age of information warfare is going to be.
But like NATO, private industry is beginning to grasp the challenge. And also like NATO, industry has begun to embrace the value of collective defense in meeting that challenge. Earlier this month, McAfee and Symantec — the nation’s two biggest cybersecurity firms — agreed to join a Cyber Threat Alliance founded in May by Fortinet and Palo Alto Networks. The goal of the new consortium, quoting a white paper it issued, is “to disperse threat intelligence on advanced adversaries across all member organizations to raise the overall situational awareness in order to better protect their organizations and their customers.”
What that rather bland formulation indicates is that even the biggest players in cybersecurity have come to doubt that the kind of “advanced persistent threats” they are now encountering can be defeated unless industry emulates NATO in embracing some form of collective defense. In the past, companies like McAfee and Symantec would have resisted the kind of deep collaboration now being proposed for fear of losing competitive advantage. But attacks on networks and data repositories have become so pervasive and clever that collective defense — the one-for-all and all-for-one approach — may be crucial to averting catastrophe.
(Disclosure: Several of the federal government’s biggest providers of cybersecurity services contribute to my think tank; some are consulting clients.)
Under this emerging construct, the industry alliance will focus on generating actionable intelligence about zero-day exploits and other dangers that can be quickly disseminated to members. Zero-day exploits are attack vectors and methods not previously observed for which no off-the-shelf solution currently exists. They may require drastic action like shutting down a network before it can be thoroughly compromised, and because time is of the essence the dissemination of threat details will probably have to be automated. Over time, the Cyber Threat Alliance will generate standards spelling out how this should be done, presumably using software such as the Trusted Automated Exchange of Indicator Information (TAXII) framework developed by MITRE and the Department of Homeland Security.
Industry’s bid for greater collaboration in meeting the cyber challenge has been matched by efforts at broader cooperation by the government. For instance, during the first Obama Administration, former Deputy Secretary of Defense Bill Lynn drove efforts to forge a cybersecurity alliance between his department and its contractors, which now has blossomed into the Defense Industrial Base Cybersecurity/Information Assurance Program. Under that program, industry and the military share information about cyber threats that is quickly analyzed and disseminated to counter emerging dangers. A broader effort managed in conjunction with the Department of Homeland Security provides similar support to companies operating critical infrastructure — including sometimes sharing highly classified threat indications.
However, a well-known federal advisor in such matters told me this week that the government unwittingly creates disincentives for industry to cooperate, for example by failing to protect sensitive information provided by companies that have experienced cyber attacks. McAfee president Gert-Jan Schenk has cited the absence of legislation promoting cross-national collaboration on cyber threats as one area where industry has to work harder to make up for government’s failure to act. His enterprise, which has invested heavily in cybersecurity research since being acquired by Intel in 2011, has become a leading proponent of collaborative efforts at closing the seams between organizations and domains that on-line criminals exploit.
So it seems that collective defense is no longer solely the province of diplomats and military allies. Companies, even when they are competing in the same markets, increasingly see the advantages of working together to counter shared threats. Some will say this demonstrates the ability of market forces to encourage enlightened behavior even when government does not intervene. However, a more sobering interpretation is that cyber threats are becoming so sophisticated and alarming they are forcing changes in the way people behave. Whichever interpretation you favor, it’s clear that collective defense is becoming an organizing principle for global cybersecurity efforts.
http://www.forbes.com/sites/lorenthompson/2014/09/19/cyber-alliances-collective-defense-becomes-central-to-securing-networks-data/