White House strategy on security information sharing and safeguarding
Last Updated: 2012-12-20 01:38:42 UTC
by Daniel Wesemann (Version: 1)
Today, the White House published its new national strategy for information sharing and safeguarding. See http://www.whitehouse.gov/sites/default/files/docs/2012sharingstrategy_1.pdf for the full PDF (15 pages).
The document touches a key point that has in the past often stymied cooperation and information sharing between the government and the private sector. In my experience, the gov organizations were always very open to receive and soak up information shared with them by private enterprise, but were far less forthcoming with returning the favor. Very rarely did I ever receive intel from government contacts that wasn't either mostly public knowledge, or that I hadn't received already anyway from peers in the industry.
Almost ironically, it is a security problem and security trade-off decision in itself to determine how much realtime security intel can be shared, and with whom, to maximize the benefit without incurring undue additional risk by the intel leaking to the attackers' side. We are - as security professionals - supposed to be good at this kind of judgment call, but our ingrained paranoia often gets into our way. The result is that we tend to be over-cautious with sharing intel, which in turn hurts our peers and ourselves, and helps the bad guys.
As such, I was positively surprised to read in the new national strategy that "collecting intel" seems to slowly but steadily be supplanted by "collecting intel and making timely use of it", which is definitely an improvement for everyone. But the "Top Five" priorities on the summary page 14 seem to me to rather reflect the approach of old again, where "guidelines were developed" and "frameworks were established", but nothing really changed in the real world outside of the Beltway. Which was a bit of a letdown after reading the front portion of the document... but in general, I still find it quite refreshing that the trade-off between sharing and safeguarding is officially recognized, and that there is also a hint of self-reflection in the document that suggests to me that not all is lost :)
If you have any comments on the content of the White House paper, or on security intel information sharing in general, please let us know via our contact form, or use the comments field below.
At DHS, however, Tom Millar has been tasked with fostering the exchange of information with the private sector and other agencies. Tom, Sean Barnum at MITRE, and a number of colleagues in the IDXWG working group have been trying to develop tools to enable such exchange. Those tools include TAXII, STIX, and cybOX (Mandiant's IOC does something similar). These tools just provide a framework, but they have excited a significant amount of interest.
Dec 20th 2012
1 decade ago