by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : March 2015
CYBEREYE THE NEED FOR timely sharing of information about both potential and actual attacks has been considered a prime focus for government and industry cybersecurity for at least the past decade. The 911/Commission Report first brought to light the lack of intell sharing among agen- cies, for example, and that lack was seen extending into the cybersecurity realm. The language used in the report, though aimed at terrorism, speaks as much to the problems surround- ing cybersecurity today. The events of 9/11 showed “an enemy who is sophisticated, patient, disciplined, and lethal,” and also the “fault lines within our government (and the) pervasive problems of managing and sharing in- formation across a large and unwieldy government.” The Obama administra- tion’s most recent push to improve U.S . cybersecurity tries to ratchet up efforts to boost information shar- ing both within government and with the private sector. Shortly after, the administra- tion announced the forma- tion of a new Cyber Threat Intelligence Integration Center that’s intended to be the government’s focus for rapid collection and dis- semination of information on cyberthreats. How far this will go is an open question. While some have welcomed the new proposals, others wonder if the new center will just add to the organizational confu- sion. The National Security Agency, the Department of Homeland Security, the FBI and the military already have responsibility for collecting this kind of information, and after years of acrimony and pushback, they’ve managed to develop cohesion about sharing it. Technically, the tools for sharing have also progressed, leading to a number of ac- ronymic specs such as TAXII (the Trusted Automated eXchange of Indicator Infor- mation), STIX (the Structured Threat Information eXpres- sion) and the Cyber Observ- able eXpression (cybOX). Joining them recently is the Data Aggregation Reference Architecture (DARA), a first response to the 2012 National Strategy for Information Sharing and Safeguarding. These and other tools all perform important roles. DARA, for example, is aimed at providing a model for how various groups can pull data sets together in order to improve security while also protecting individual privacy, which has been one of the big stumbling blocks to shar- ing of information. But is all of this enough? If 2014 showed anything, it’s that cybersecurity efforts are falling behind the speed and the level of sophistication at- tackers apply to the way they get threats into the cyber infrastructure. President Obama in fact mentioned the attack on Sony Pictures late last year as just the latest rea- son behind his new legisla- tive proposals. Industry looks to the gov- ernment for a lead on many aspects of cybersecurity, but the fact is that government is not noted for its speed in dealing with cyber threats or for convincing industry to share information about attacks with it. However, it is trying. The FBI, for example, released an unclassified version of its Binary Analysis Characterization and Storage System (BACSS) as an ad- ditional incentive to public/ private sharing. BACSS is an automated malware analysis system used by the FBI enterprise- wide that can link cases where instances of the same malware are present. Now industry seems to be expanding its own efforts to improve sharing. Facebook has launched a framework for “importing information about [threats] on the Inter- net in arbitrary formats, stor- ing it efficiently, and making it accessible for both real- time defensive systems and long-term analysis.” Early partners already include Bitly, Dropbox, Pinterest, Tumblr, Twitter and Yahoo. Microsoft last year also introduced Interflow, its own attempt to collaborate more closely with the cybersecu- rity community. Interf low is a distributed system that en- ables users to form communi- ties to decide what informa- tion to share and with whom. That adds to a number of other international collection and sharing efforts, as well as the global infrastructures that individual security companies have established to collect information about threats. There are still major bar- riers to sharing, particularly privacy and the need for encryption. How govern- ment manages to live within, and profit from, this grow- ing sharing ecosystem while improving how fast it reacts to threats is the real question it has to address. • How government manages to live within this growing data-sharing ecosystem while improving how fast it reacts to threats is the real question it has to address. Cyber info sharing: More noise than signal? BY BRIAN ROBINSON CYBEREYE 18 GCN MARCH 2015 • GCN.COM 0315gcn_018.indd 18 3/2/15 12:56 PM