Cybersecurity

Former cyber czar looks to change info sharing

Michael Daniel. (Image credit: Sean Lyngaas) 

Former White House cyber czar Michael Daniel thinks there's a better way to do info sharing. (Photo credit: Sean Lyngaas/FCW.)

Founded in 2014 as a consortium of cybersecurity firms seeking to improve threat-information sharing and incident response, the Cyber Threat Alliance is now a formal non-profit with former White House cyber czar Michael Daniel as its president.

After two weeks at the helm of CTA, Daniel told FCW that he believes the growing member association can drive a number of changes in the cybersecurity ecosystem.

CTA members, which include founding firms Fortinet, Intel, Palo Alto Networks and Symantec, submit threat information into a proprietary platform that allows them to extract shared data in proportion to the quantity and quality of data they provide.

"If you're a member, your defensive products can now be based on a broader set of information than just your own," Daniel said. "That's a significant improvement just right there. And that happens at scale, at speed."

That means member cybersecurity firms will differentiate themselves less on what intelligence they have than on what they do with it in the products and services they provide. Daniel said he expects CTA to spur innovation and competition in that regard.

But, CTA isn't just about sharing threat indicators among members, it also seeks to take a bite out of cybercrime.

"We can take this data and we can use it to begin to assemble a much broader look at what adversaries are doing and actually assemble up what we are calling 'playbooks,'" he said. "It's really the description how the adversary in a particular instance does their entire business operation -- so not only in the malware that they are using, and not only the IP addresses, but their command and control infrastructure.

"If we could publish that and then have the cybersecurity vendors and governments and others begin to take action based on that, then we can actually disrupt the adversary's business model," he said.

The biggest medium- to long-term challenge Daniel sees is coordinating with governments around the world. The U.S. government and private sector have yet to see eye to eye on the protections, incentives and context needed to have effective information sharing that benefits both sectors.

Daniel said that some foreign governments that have limited cyber capabilities might be more inclined to partner with CTA in the near term.

"I think that's going to be a work in progress for some time," he said of integrating with the U.S. government.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Featured

  • People
    Federal CIO Suzette Kent

    Federal CIO Kent to exit in July

    During her tenure, Suzette Kent pushed on policies including Trusted Internet Connection, identity management and the creation of the Chief Data Officers Council

  • Defense
    Essye Miller, Director at Defense Information Management, speaks during the Breaking the Gender Barrier panel at the Air Space, Cyber Conference in National Harbor, Md., Sept. 19, 2017. (U.S. Air Force photo/Staff Sgt. Chad Trujillo)

    Essye Miller: The exit interview

    Essye Miller, DOD's outgoing principal deputy CIO, talks about COVID, the state of the tech workforce and the hard conversations DOD has to have to prepare personnel for the future.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.