You Must Give to Receive: How Sharing Can Prevent the Next Big Attack

It’s time for the cybersecurity industry to stop talking about information sharing.  

Before you get out the flamethrowers, though, let me add – it’s time for the cybersecurity industry to start doing information sharing. More specifically, the industry needs to share threat intelligence at speed and at scale.  

This fundamental idea drives the CTA’s main project. Through its members, the CTA has developed a different kind of cyber threat intelligence sharing platform and organization. This platform and associated sharing rules enable our members to more effectively prevent and disrupt intrusion, attacks, and other kinds of malicious activity. We have started the process of “doing” intelligence sharing in the cybersecurity industry.  

Consider this: many cybersecurity companies spend time gathering threat intelligence that they use to update their own products, or to better protect their customers. Often times, this information is seen as the “competitive differentiator” that no cyber or security company would ever want out in the open. They certainly wouldn’t want to share this information with their biggest competitors in the market.

Yet, the truth is, that approach hasn’t worked. Every security company knows this fact. No security company nor the U.S. government has all of the threat intelligence needed to combat every threat. So while we want and need strong competition in the cybersecurity industry, we need that competition to play out differently. It should occur not primarily on the raw quantity of data, but rather on the quality of the data and what people actually do with it. The real competition lies in the analytics that companies put behind the data, the way they integrate it into their products or business models, and how they use it to protect customers.

Shift the Cybersecurity Conversation to Sharing

The big picture here is to encourage a mindset shift — to demonstrate that cybersecurity companies can share cyber threat intelligence while maintaining strong market competition, thereby making everyone better off. By sharing cyber threat intelligence at speed and at scale, we can improve defenses against advanced cyber adversaries across our member’s organizations and their customers. We can also advance the cybersecurity of critical information technology infrastructures and increase the integrity and efficiency of information systems. 

But there’s more. The CTA also enables intelligence sharing at human speeds through enabling the cybersecurity industry to collaborate more effectively. Take for instance the WannaCry worldwide ransomware attack earlier this year. During this attack, we assembled the threat intelligence units from all CTA members. As a result of this collaboration, members were able to discuss notes and gain insights more quickly than they would have been able to do on their own. In turn, they were better able to protect their customers and the entire digital ecosystem.  

Over the last few years, may information sharing alliances have emerged, and that’s a good thing. But the CTA is taking on the hard business of making such a sharing alliance work in the cybersecurity industry. If we can change how we share threat intelligence and enable it to happen regularly in the cybersecurity industry, then we can start to make progress against the cyber threats that plague us.   

Author: Michael Daniel

As President and CEO of CTA, Michael Daniel leads the team and oversees the organization’s operations. Prior to joining the CTA, Michael served from June 2012 to January 2017 as Special Assistant to President Obama and Cybersecurity Coordinator on the National Security Council Staff. In this role, he led the development of national cybersecurity strategy and policy, and ensured that the U.S. government effectively partnered with the private sector, non-governmental organizations, and other nations.