The new P2P initiative
Government and industry need to pool cyber threat intelligence
- By Kevin Coleman
- Mar 01, 2010
No, we are not talking about peer-to-peer networks. We are referring to public and private cyber defense and intelligence collaboration.
The recent events and media attention centered on cyberattacks on Google and 33 other organizations, which include defense contractors, are clear indicators that cyber defense, security and intelligence must be increased and based on a foundation of cooperation and collaboration between the public and private sectors. It is clear that cyber intelligence must become an integrated, proactive component of cyber defense not only in the government and military sectors but also in the private sector.
Most activities related to cyber threat intelligence can be characterized as reactive. In most cases, they are based on vulnerability disclosures, current events or an actual attack. The cyber threat environment demands that organizations take proactive measures based on near real-time cyber intelligence collected from a broad base of sources in the public and private sectors.
The government, law enforcement, military and intelligence community must combine efforts and work collaboratively with business, industry and technology leaders to share threat intelligence and other critical information needed to become proactive. This requirement to share intelligence and collaborate goes against how the intelligence community has been trained to operate. A common shared cyber intelligence repository that allows both sides to contribute must be constructed to facilitate this tightly coupled pairing of the private and public sectors.
In addition to becoming proactive and increasing cyber defenses, we also need to create an international cyber deterrence treaty with teeth. Although the State Department has lodged a formal complaint against China regarding the cyberattacks that struck Google, Adobe Systems and dozens of other companies, this is clearly not enough.
U.S. military and intelligence agencies are only able to share a small amount of information about past and current cyberattacks against the private sector for fear of jeopardizing cyber intelligence collection sources and methods. Having a repository would create a central source for the investigation of and defense against cyberattacks on the more than 80,000 elements of our nation’s critical infrastructure listed in a Homeland Security Department database. Given the growing threats to our nation’s critical infrastructure and the fact that more than 80 percent of that infrastructure is privately owned and/or operated, a common repository and collaboration between the private and public sectors are required if we want to become proactive and defend against the growing number of sophisticated attacks that target our nation, infrastructure and way of life.
Time is of the essence. Cyberattacks are increasing in frequency and sophistication. Last year, a new strain of malware was released about every 1.25 seconds. The attacks against Google and others are said to be very complex — even more complex than the GhostNet attacks that were discovered and reported in spring 2009. In efforts to gain a competitive edge, foreign governments and businesses are using malware and hacking to acquire or steal the latest technologies from our research and development centers. An increased number of organizations and officials are predicting that in 2010, we will see the first real cyberattack exchange involving the United States.
Dennis Blair, director of national intelligence, recently testified before the Senate Select Committee on Intelligence and discussed the Annual Threat Assessment of the U.S. intelligence community. He started his testimony by addressing the impact of the cyber threat, saying, “The United States confronts a dangerous combination of known and unknown vulnerabilities, strong and rapidly expanding adversary capabilities, and a lack of comprehensive threat awareness.” He went on during his testimony to express concerns about U.S. resiliency and our ability to operate while under attack.
The battle to secure and safeguard cyberspace will be won or lost based on the intelligence we collect, analyze, respond to and share with those organizations that are part of our nation’s critical information infrastructure.