Cybersecurity Sharing: The Latest Fad or a Real Security Breakthrough?

Sue Marquette Poremba
Slide Show

Top 10 Tips for Educating Employees About Cybersecurity

It seems that cybersecurity data sharing is all the rage these days. Just today, I read an article about the creation of the Cyber Threat Intelligence Integration Center, an Obama administration initiative meant to encourage the flow of cybersecurity-related data between government agencies and private businesses. I also read about Facebook’s new platform for cybersecurity professionals to share information more easily.

It seems so logical, doesn’t it? Security professionals have been sharing information about new malware and vulnerabilities for a long time, so it is nice to see a true outlet available that could open up threat sharing to security administrators across industries. Government agencies and private industry should be working together as a united front to better address the evolving threats facing our networks and data. This isn’t like sharing industry trade secrets; we’re all in the same boat when it comes to cybersecurity.

Of course, sharing wasn’t always popular. When Congress first began to talk about the Cyber Intelligence Sharing and Protection Act (CISPA), there was a lot of resistance because of fears that it would hurt privacy, particularly with the government sticking its nose into the private sector. It’s why CISPA didn’t have a prayer of passing for a long time.

But that attitude came before Target, Home Depot, Sony, Anthem, and a host of other breaches were making the news every evening. And before the average person began to sincerely care about cybersecurity and needing someone to protect their personal information from being sold on the black market.

Login Security

On the surface, cybersecurity threat sharing appears to be a good thing – the more we know, the better we are able to address the problems. But not everyone is convinced that cybersecurity sharing is the real-deal breakthrough at addressing threats. According to TechWire, former White House Cybersecurity Coordinator Melissa Hathaway was cited as believing the new government agency is redundant and will do little more than create even more bureaucracy. And Stephen Cobb, senior security researcher at security firm ESET, wondered in an email to me whether getting intelligence about cybersecurity threats more quickly will actually make a difference, adding:

Unless the stated goal is to identify bad actors more swiftly, and sanction them with greater precision and immediacy, we’re not going to deter the kind of attacks that provoked this new initiative.

So will cybersecurity sharing actually work, or is it a fad that sounds good but will fade away when the next big attack happens?

Sue Marquette Poremba has been writing about network security since 2008. In addition to her coverage of security issues for IT Business Edge, her security articles have been published at various sites such as Forbes, Midsize Insider and Tom's Guide. You can reach Sue via Twitter: @sueporemba

Add Comment      Leave a comment on this blog post
Feb 16, 2015 12:22 PM Crawdaddio Crawdaddio  says:
The biggest challenge with these data sharing efforts is that more data does not equal more information. Already, businesses are overwhelmed parsing through data to determine what is a real threat. I read somewhere that 81% of threat alerts aren't even looked at due to the high incidence of false positives. Threat intelligence sharing will only work if the data is "organic" or "original source", input into a platform that helps determine reliability and provide action steps. Otherwise, government and industry efforts to share will just become another bureaucratic nightmare. Reply

Post a comment





(Maximum characters: 1200). You have 1200 characters left.



Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.