Threat Level: green Handler on Duty: Xavier Mertens

SANS ISC: InfoSec Handlers Diary Blog InfoSec Handlers Diary Blog

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!

White House strategy on security information sharing and safeguarding

Published: 2012-12-20
Last Updated: 2012-12-20 01:38:42 UTC
by Daniel Wesemann (Version: 1)
1 comment(s)

Today, the White House published its new national strategy for information sharing and safeguarding. See for the full PDF (15 pages).

The document touches a key point that has in the past often stymied cooperation and information sharing between the government and the private sector. In my experience, the gov organizations were always very open to receive and soak up information shared with them by private enterprise, but were far less forthcoming with returning the favor. Very rarely did I ever receive intel from government contacts that wasn't either mostly public knowledge, or that I hadn't received already anyway from peers in the industry. 

Almost ironically, it is a security problem and security trade-off decision in itself to determine how much realtime security intel can be shared, and with whom, to maximize the benefit without incurring undue additional risk by the intel leaking to the attackers' side. We are - as security professionals - supposed to be good at this kind of judgment call, but our ingrained paranoia often gets into our way. The result is that we tend to be over-cautious with sharing intel, which in turn hurts our peers and ourselves, and helps the bad guys.

As such, I was positively surprised to read in the new national strategy that "collecting intel" seems to slowly but steadily be supplanted by "collecting intel and making timely use of it", which is definitely an improvement for everyone. But the "Top Five" priorities on the summary page 14 seem to me to rather reflect the approach of old again, where "guidelines were developed" and "frameworks were established", but nothing really changed in the real world outside of the Beltway. Which was a bit of a letdown after reading the front portion of the document... but in general, I still find it quite refreshing that the trade-off between sharing and safeguarding is officially recognized, and that there is also a hint of self-reflection in the document that suggests to me that not all is lost :)

If you have any comments on the content of the White House paper, or on security intel information sharing in general, please let us know via our contact form, or use the comments field below.


1 comment(s)
Diary Archives