NSA, DHS Call for Info Sharing Across Public and Private Sectors

  /     /     /  
Publicated : 23/11/2024   Category : security

NSA, DHS Call for Info Sharing Across Public and Private Sectors


Industry leaders debate how government and businesses can work together on key cybersecurity issues.


If money were no object, and you didnt have to worry about bureaucracy or politics, what would you have your organization do to make a difference in the public-private sector discourse on cybersecurity? How would you improve tactics and techniques?
The thing Id love to be able to do is share in real time, said Neal Ziring, technical director for the National Security Agencys Capabilities Directorate. The question was posed to him, and two other panelists from the public and private sectors, in the RSA Conference panel Behind the Headlines: A Public-Private Discourse on Cyber-Defense, last week in San Francisco.
Ziring explained how if policy were not an issue, he would want to take NSAs foreign intelligence and turn it into actionable warnings in real time. Thats not easy. Were trying to work in that direction, he said, adding that there are considerable policy obstacles to that right now.
Defenders are overwhelmed with an onslaught of threat data, user error, poor endpoint protection tools, and myriad other factors making their jobs harder. This discussion brought together security experts to put the spotlight on which threats should be prioritized and how the government and private sector can better improve their relationships to address them.
John Felker, director of the DHSs National Cybersecurity & Communication Integration Center (NCCIC), outlined the security threats that are top-of-mind for government. China, he said, is a big one: It continues to engage in cyber espionage despite a 2015 agreement to stop. Industrial theft is a primary concern as Chinas long-term strategy is to improve its economy, he said.
Weve seen lots and lots of threats from Iran, Felker continued. Iran is now heavily focusing on oil and gas, primarily in the Middle East. We believe theyre posturing for future activity.
Next up: Russia. Part of the Russia threat relates to keeping their economy strong and the things they want to participate in to allow their form of government to continue, he explained. There is significant potential for mischief as there remains a possibility Russia will segregate itself from the Internet as a threat. Finally, Felker pointed to North Korea, which is primarily financially motivated and needs funds to develop domestic IT infrastructure and industry.
A Call for Info Sharing
Information sharing was a key theme of the talk, and all panelists emphasized a greater need for the public and private sectors to share threat intelligence. It doesnt do us any good to exchange business cards in the middle of a cyber incident, Felker said. He encourages organizations to reach out if theyre hit. Make sure someone knows its OK to do that, he added.
While the NSA doesnt have the public facing role the DHS does, Ziring noted the organization does interact with the public and business communities. His advice: If we go to the trouble to publish advice, take it, he said. We dont publish all that frequently, and when we do there are really good reasons behind it.
He also advised businesses to collaborate with the NSA on a technical level. The goal were trying to achieve is shared visibility into the cyberspace where we all have to operate, Ziring continued. Threat actors have visibility over all of us; it would help businesses to do the same.
Security teams need to establish trust before an attack takes place. Part of building relationships involves conducting internal and external exercises across the organization so senior leadership knows whats happening and what to do. If you implement a security framework, blog about it, said Curtis Dukes, executive vice president and general manager for the Security Best Practices and Automation Group at the Center for Internet Security.
You are a target – its not if but when youre attacked, Dukes explained. Communicate heres what happened and why. That way, we all learn from your misfortune, but more importantly we can protect ourselves.
Modern C-suites are more aware of cybersecurity and the effect it can have on a business, he added. Major incidents have taught them how poor security can affect a bottom line, and now theyre asking for board members who have cybersecurity expertise.
However, where were falling short is we still havent done an adequate job of translating cyber-risk to business risk, he added. Businesses will place high value on certain business processes but fail to recognize the impact of losing that process in a cyberattack.
Related Content:
6 Tips for Getting the Most from Your VPN
IT Security Administrators Arent Invincible
Shifting Attacks Put Increasing ID Fraud Burden on Consumers
DHS: No Investigation Planned for Electrical Grid Incursions
 
 
Join Dark Reading LIVE for two cybersecurity summits at Interop 2019. Learn from the industrys most knowledgeable IT security experts. Check out the
Interop agenda
here.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
NSA, DHS Call for Info Sharing Across Public and Private Sectors