Information Sharing

Post CISA Approval – Transitioning From a Culture of “Need to Know” to One of “Need to Share”

Kobi Freedman Blog, Legislation

We have seen some very serious breaches in the past two years. Breaches that have affected tens of millions of consumers, cost seven figure sums to control and caused reputational damage. The time has come to find ways of managing the exponentially growing threat landscape and the impact it is having on our everyday business.

Finding ways of handling this onslaught of cybercrime has been an industry hot topic for a while now. Both legislations and technologies are evolving in an effort to prepare for and monitor the changing security landscape.  Now that it has passed the Senate, the Cyber Information  Sharing Act (CISA) will assist to establish an acceptance that the sharing of security intelligence between companies and government departments is a positive move and one needed to manage the onslaught of the security threats we are currently experiencing.

However, even with the right legislation and tools helping us to achieve security information collaboration, we still have a number of hurdles to overcome. So what is stopping us using a potentially very powerful method of mitigating security risk?

Many of the issues that plague the use of security collaboration between companies also prevent it inside companies too. Inter-departmental collaboration is as important, if not more important, than intercompany security collaboration and yet it seems difficult to enable.  As more boards of directors come to terms with the vital importance of security as a holistic process, rather than just a department in IT, the use of intercompany knowledge is also starting to take a seat on the board. This is leading to real analysis of the what, why, how and where of effective internal company security collaboration.

It’s interesting to note that the humanitarian community has been instrumental in looking at how collaboration around security data can operate. The USAID document that describes Security Collaboration: Best Practices, although covering a wider scope in terms of security than most enterprises, advises analysis of the barriers that exist in the sharing of data for security purposes and addressing those. They use the phrase, “transitioning from a culture of “need to know” to one of “need to share”. This philosophy needs to be embraced by enterprises of all sizes to make true inroads into the battle we are waging against security threats.

What sort of security data should be shared?

This is a question that needs to be addressed at the outset. You cannot hope to collaborate and share important data, without knowing what that data is in the first place. Security data is much like any other data and can, in fact reveal policies and other sensitive information. Identifying which data is available and in a form that can be shared, will help the business to understand how, even inter-departmental sensitive information, can be shared in a secure and privacy enhanced manner.

The types of data can also determine the way that you collaborate on security. For example, different departments may have garnered SIEM intelligence around emerging threats. Collating this data can then be used to inform the rest of the organization. Other data, such as sharing of infrastructure and methodologies used to mitigate attacks, may contain sensitive information, but is a powerful piece of knowledge that could benefit the organization as a whole.

How to share security intelligence

The next step, once you have established your sources and types of data that will benefit a collaborative security infrastructure, is how to actually share these data in a secure and privacy respecting manner. The British Center for Protection of National Infrastructure has done some excellent work in the area of threat intelligence and data sharing. In their report on Integrating Threat Intelligence, they set out the idea of an ‘Intelligence Cycle’ which takes you through several stages, through planning, collection, analysis and dissemination. These stages involve the creation of a ‘trusted community’ and this idea of building trust within an organization, as well as between different organizations, is a keystone for successful security threat intelligence sharing and collaboration.

Sharing data and regulations

Sharing of data within an organization may seem straightforward; after all, it is the same company. However, if this involves international inter-company data transfer, then you may need to ensure that you meet any data sharing and privacy laws and regulations in the host and recipient country. For example, the sharing of data between the U.S. and Europe, was until recently covered by the Safe Harbor agreement. This agreement has been recently invalidated by Europe, but the privacy and data security laws that exist in Europe still need to be met to share data between the two continents. Even within North America there is no single comprehensive law covering data security, instead there are 47 federal and state level data protection and breach notification laws that need to be adhered to.

The hierarchy of data management

One of the areas that an organization needs to decide upon when sharing security intelligence, is data ownership. This can be a fluid entity, with data being owned by various stakeholders throughout the flow process. The ideal situation is to have a single person or department, responsible for the overseeing of the data flow. If this is not possible, which can be the case in highly disperse enterprises, then a team of individuals heading up the initiative should be considered.

Introducing more vulnerability

The sharing of security data for collaborative control of threats is in itself opening the door to potential data leakage and privacy issues. The security of the intelligence needs to be assured. All of the policies and rules that are applied to other datasets need to also be applied to security data. A holistic approach to company data protection policies needs to encompass all data, including meta data. Employee education is part of this holistic approach. Keeping all employees, across the organization abreast of security regulations, requirements of any data privacy laws and generally aware of any threats, including phishing attacks, will help create a truly collaborative security environment.

The cost of sharing

In this overview article, you can see that there are a myriad of considerations for even internal company security data sharing and continued security collaboration. Taking the decision to share security intelligence and making it work, across an often disparate and geographically wide organization is certainly no picnic and has many considerations that need to be made to take the road to security threat control.

This is where the decentralized collaboration platform, Comilion, comes into effect.

The following two tabs change content below.
Kobi Freedman

Kobi Freedman

Founder & CEO at Comilion
Kobi Freedman is the Co-Founder and CEO of Comilion, pioneering the collaborative security segment by developing an infrastructure for exclusive sharing networks in regulated and highly sensitive environments. Kobi has been immersed in the cyber security arena for over 15 years. Starting out in the IDF and following on with private sector, he participates in numerous Israeli and global policy workgroups that set the standards for cyber defense.