In the face of the current wave of cyber threats, the U.S. government announced this week in Washington DC that, as part of the Homeland Security initiative, the current administration is creating a new agency called the Cyber Threat Intelligence Integration Centre (CTIIC) to monitor cybersecurity threats by acquiring, pooling and analysing any captured information – AKA ‘intelligence.’ This new CTIIC agency will seek to exploit any acquired snippets of intelligence to ‘connect the dots’ between the various cyber threats to the U.S., with a view to sharing any valuable intelligence, in as close to real-time circulation as possible, with relevant departments and agencies such as the Department of Homeland Security, NSA, FBI and CIA and, where appropriate, the private sector. With this new conjoined capability, the CTIIC will no doubt be acquiring Open Source Intelligence (OSINT), subliminal elements associated with metadata, and other sources of data leakage, which may be subjected to further extraction and analysis of the associated content to gain a cyber pen-picture of the aggregated information, turning it into real-time intelligence. More to the point, here we are seeing some real out-of-the-box initiatives from the U.S. administration seeking to leverage information, potentially allowing the U.S. to mitigate a threat before it even happens: a Cyber Threat Intelligence capability that may be employed to support a pre-crime, ‘minority reporting’ form of proactive security posture.

Whilst the U.S. government is demonstrating real imagination in this area, we should not forget that such proactive defensive capabilities are of equal value to those in the commercial sector, who may also derive high-value security benefits from sources of intelligence that affect, or hold implications for, their own brand space, and which can help businesses identify the unknown unknowns of their own security exposures and vulnerabilities; thus providing organisations with a higher-grade security capability to protect and defend their own assets. In a perfect world, we would see every big-name commercial business deploying cyber threat intelligence capabilities and sharing the output, as appropriate, with the police, security services and other related agencies to present a wide-scale threat representation of their businesses’ attack surface. In turn, this would give the authorities a cyber-landscape view of the cyber-actors and attackers who are in play. However, just as the U.S. Congress has tried for years to pass legislation encouraging companies to share data from cyberattacks with the government and with each other, only to see those efforts stymied by liability issues and the privacy concerns of citizens and businesses, we in the UK face these same concerns.

In the year 2015, we must start to recognise that we live in a new age, one generating unconventional cyber threats in the form of the APT (Advanced Persistent Threat), high-capability hackers and state-sponsored activity, which in many cases businesses are attempting to counter with the employment of conventional security defences, compliance and governance mechanisms, and old-style, outdated modes of thinking. If, however, we are to counter the current and proven onslaught of successful cyber incursions, then we should take the lead from the approach the U.S. is taking, start to put privacy issues to one side, recognise the high potential of the cyber risks we face, and start to rethink what cyber security defence must look like in 2020.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc. If you are interested in contributing to The State of Security, contact us here.