Experts Urge InfoSec Info Sharing At Columbia-GCIG Conference

It all starts at the bar with a beer.

NEW YORK -- The necessity for greater cybersecurity information sharing was stressed by speakers from academia, government and finance, Friday, at the Conference on Internet Governance and Cyber-Security, held by the Columbia University School of International and Public Affairs, in collaboration with the Global Commission on Internet Governance (GCIG).
It all starts at the bar with a beer, said keynote speaker Gregory Rattray, Global CISO of J.P. Morgan Chase. It starts with a limited number of people who trust each other.
Rattray explained that information sharing works best from a bottom-up, not top-down approach, and said that technical people can break down borders that people in government and business cannot. He gave the example of when he worked at ICANN during the spread of Conficker. Network operators in different countries were able to reach across those borders, he said, when other people failed.
The financial sector is improving info sharing, via the FS-ISAC. Beth Petrie, director of intelligence analysis for Citigroup Information Protection Directorate, said that cybersecurity is seen as a non-competitive area, which encourages sharing.
Yet Steven Bellovin, professor of computer science at Columbia Universitys School of Engineering, says that there is still a lot to be improved about the kind of knowledge thats actually being exchanged. We dont learn as professionals how the defenses failed, said Bellovin. That is the kind of information that would be useful.
The problem, in a nutshell, is How do you share trust in a low-trust environment? said Paul Bracken, professor of Yale School of Management.
Bracken also suggests that organizations conduct incident response war games to test how theyre going to react when a successful attack occurs. Hes led war game exercises as a consultant at other organizations. The word that comes to my mind is panic. he said. They dont know what to do, so they default to the CISO and Legal.
Lou Modano, senior vice president and global head of infrastructure services for NASDAQ said that the stock exchange has set the bar very high with [war] gaming. All the CISOs in exchange share information and conduct simulations, said Modano.
On another twist on information sharing, Michael Chertoff, GCIG Commissioner and former secretary of the U.S. Department of Homeland Security, commented on the recent no-hack pact between Russia and China. Chertoff said he thinks if China sees intellectual property in Russia of value, theyll still steal it. I view it as an opportunist relationship, he said, not one thats enduring.
All conflicts going forward will have a bizarre consumer impact. Kevin Mandia

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Experts Urge InfoSec Info Sharing At Columbia-GCIG Conference