I'm sure you are familiar with the saying "it takes a village to raise a child." As I've gotten older, I've begun to realize that it takes a village to do a lot of things - or at least, you can accomplish much more when you have the village working together rather than doing things as an individual.
So why should cybersecurity be any different? After all, the bad guys aren't working alone, so why should organizations try to solve their security issues in isolation?
At the end of last year, there was some buzz in Congress about creating a National Information Sharing Organization that would serve as a clearinghouse for cyber threat information and would be shared among government agencies and private industry.
There was some dissension about this idea - it was coming from Congress, so how could there not be - but it obviously has some merit. The parent company of RSA, EMC, is supporting the idea of sharing information on advance persistent threats (APT). In fact, a panel of industry executives known as the Security for Business Innovation Council (SBIC) would like to see an intelligence-driven model of cybersecurity based on improved information gathering, sharing and analysis, according to Government Computer News. The article stated:
The main challenges to more effective cooperation, according to members of the Security for Business Innovation Council, are two-fold: A lack of ability to integrate and evaluate data within organizations, and a reluctance to share information between organizations, especially with government.
The SBIC is counting on the number of high-profile breaches in 2011 as leverage to get people to work together to thwart new threats. The Government Computer News article mentioned that the best way to work together is in smaller groups and personal contacts. I would agree. After all, the saying is that it takes a village, which is small and communal, as opposed to it taking a major city. If we can bring smaller, like-minded groups together to share the risks in their industry, improved cybersecurity will surely span out from there.