by clicking on the page. A slider will appear, allowing you to adjust your zoom level. Return to the original size by clicking on the page again.
the page around when zoomed in by dragging it.
the zoom using the slider on the top right.
by clicking on the zoomed-in page.
by entering text in the search field and click on "In This Issue" or "All Issues" to search the current issue or the archive of back issues respectively.
by clicking on thumbnails to select pages, and then press the print button.
this publication and page.
displays a table of sections with thumbnails and descriptions.
displays thumbnails of every page in the issue. Click on a page to jump.
allows you to browse through every available issue.
GCN : March 2014
Internet Identity's (IID) ActiveTrust platform for sharing cyberthreat intel- ligence, which has been used for the past year by several dozen federal agencies and other enterprises, is be- ing opened up to general availability. The commercial offering, which will be available to qualifying customers on a subscription basis, is an effort to leverage the convenience of social networking for information sharing, while using the power of binding con- tracts to ensure the control of sensitive information. "The problem we are trying to ad- dress is that information is known to a lot of people, but doesn't get shared for a lot of reasons," said IID CEO Lars Harvey. "This platform provides users the tools to share as widely as they are comfortable with." The need to share more data about threats across enterprise boundaries for effective cyber- security has long been acknowl- edged, but the barriers to sharing have been just as evident. Those obstacles are more business and cultural than technical. "They are worried about liability and about risk," Harvey said about busi- nesses. "They are worried that some- how it's going to come back to bite them." And agencies hesitate to share sensitive or classi ed information with the private sector. FAMILIAR ISSUES There have been efforts to enable information sharing between gov- ernment and the private sector and within the private sector. Under the Defense Industrial Base program the Defense Department supplies informa- tion, including threat signatures, to selected contractors in exchange for information gathered from contractors' systems. An executive order released last year calls for voluntary information-sharing programs between the private sector and the military and intelligence com- munities as well as the Homeland Se- curity Department. Information Sharing and Analysis Centers also have been established for speci c industrial sec- tors to provide voluntary forums for sharing. But all of these efforts have had limited success. "The data is there, but it's just in a larger silo," Harvey said. Getting the information out of the silos is dif cult because sharing still relies on one- to-one trust relationships that do not scale. "When a group gets too large, people quit sharing." Acknowledging that "this is the dy- namic that exists," the goal of the Ac- tiveTrust platform is to expand ad hoc sharing groups as much as possible by letting contributors retain ownership of data and control its dissemination within the community. Members are prescreened and agree to a common set of rules for con dentiality and information use. "It is not just a hand- shake, but a written document" that can be enforced, Harvey said. MACHINE ANALYSIS OF SHARED DATA Data shared through the platform is standardized so that it can be machine analyzed and used by security tools as well as analyzed by humans. Descrip- tions and metadata allow information to be ltered and cross referenced as well as scored for applicability for members. The ActiveTrust Hub enables secure collaboration between members. Members can designate who gets access to information shared on the platform and how it is to be used. Ulti- mately, trust is enforced by a contract rather than through technology, Harvey said. All ActiveTrust subscribers are vetted by IID before joining the community. Currently the member- ship consists of large Fortune 500 companies and federal agencies, so vetting is easy. IID expects that subscribers will continue to be large organizations for the foresee- able future. As the membership expands to include smaller orga- nizations, more on-site veri cation could be required. Although the goal of ActiveTrust is to expand the community in which threat information is shared, its size will be limited for the time being. Current participants are in the dozens, and the platform is ready to scale up to hundreds, and potentially thousands, Harvey said. "But hun- dreds is a logical goal for now." Harvey said IID has had positive re- sponse from current government users of the platform who say that security has been improved. "We've had some wins," he said. "It is helping to prevent and stop the spread of some things, and they are seeing fewer infections and easier administration." • Social platform for sharing cyber threat intell opens up BY WILLIAM JACKSON [BrieFing] Agencies and companies are worried about liability and about risk of threat information sharing. They are worried that somehow it's going to come back to bite them. --- INTERNET IDENTITY CEO LARS HARVEY 6 GCN MARCH 2014 • GCN.COM