Cybersecurity

Former cyber czar looks to change info sharing

Michael Daniel. (Image credit: Sean Lyngaas) 

Former White House cyber czar Michael Daniel thinks there's a better way to do info sharing. (Photo credit: Sean Lyngaas/FCW.)

Founded in 2014 as a consortium of cybersecurity firms seeking to improve threat-information sharing and incident response, the Cyber Threat Alliance is now a formal non-profit with former White House cyber czar Michael Daniel as its president.

After two weeks at the helm of CTA, Daniel told FCW that he believes the growing member association can drive a number of changes in the cybersecurity ecosystem.

CTA members, which include founding firms Fortinet, Intel, Palo Alto Networks and Symantec, submit threat information into a proprietary platform that allows them to extract shared data in proportion to the quantity and quality of data they provide.

"If you're a member, your defensive products can now be based on a broader set of information than just your own," Daniel said. "That's a significant improvement just right there. And that happens at scale, at speed."

That means member cybersecurity firms will differentiate themselves less on what intelligence they have than on what they do with it in the products and services they provide. Daniel said he expects CTA to spur innovation and competition in that regard.

But, CTA isn't just about sharing threat indicators among members, it also seeks to take a bite out of cybercrime.

"We can take this data and we can use it to begin to assemble a much broader look at what adversaries are doing and actually assemble up what we are calling 'playbooks,'" he said. "It's really the description how the adversary in a particular instance does their entire business operation -- so not only in the malware that they are using, and not only the IP addresses, but their command and control infrastructure.

"If we could publish that and then have the cybersecurity vendors and governments and others begin to take action based on that, then we can actually disrupt the adversary's business model," he said.

The biggest medium- to long-term challenge Daniel sees is coordinating with governments around the world. The U.S. government and private sector have yet to see eye to eye on the protections, incentives and context needed to have effective information sharing that benefits both sectors.

Daniel said that some foreign governments that have limited cyber capabilities might be more inclined to partner with CTA in the near term.

"I think that's going to be a work in progress for some time," he said of integrating with the U.S. government.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected