Cybersecurity

Former cyber czar looks to change info sharing

Michael Daniel. (Image credit: Sean Lyngaas) 

Former White House cyber czar Michael Daniel thinks there's a better way to do info sharing. (Photo credit: Sean Lyngaas/FCW.)

Founded in 2014 as a consortium of cybersecurity firms seeking to improve threat-information sharing and incident response, the Cyber Threat Alliance is now a formal non-profit with former White House cyber czar Michael Daniel as its president.

After two weeks at the helm of CTA, Daniel told FCW that he believes the growing member association can drive a number of changes in the cybersecurity ecosystem.

CTA members, which include founding firms Fortinet, Intel, Palo Alto Networks and Symantec, submit threat information into a proprietary platform that allows them to extract shared data in proportion to the quantity and quality of data they provide.

"If you're a member, your defensive products can now be based on a broader set of information than just your own," Daniel said. "That's a significant improvement just right there. And that happens at scale, at speed."

That means member cybersecurity firms will differentiate themselves less on what intelligence they have than on what they do with it in the products and services they provide. Daniel said he expects CTA to spur innovation and competition in that regard.

But, CTA isn't just about sharing threat indicators among members, it also seeks to take a bite out of cybercrime.

"We can take this data and we can use it to begin to assemble a much broader look at what adversaries are doing and actually assemble up what we are calling 'playbooks,'" he said. "It's really the description how the adversary in a particular instance does their entire business operation -- so not only in the malware that they are using, and not only the IP addresses, but their command and control infrastructure.

"If we could publish that and then have the cybersecurity vendors and governments and others begin to take action based on that, then we can actually disrupt the adversary's business model," he said.

The biggest medium- to long-term challenge Daniel sees is coordinating with governments around the world. The U.S. government and private sector have yet to see eye to eye on the protections, incentives and context needed to have effective information sharing that benefits both sectors.

Daniel said that some foreign governments that have limited cyber capabilities might be more inclined to partner with CTA in the near term.

"I think that's going to be a work in progress for some time," he said of integrating with the U.S. government.

About the Author

Sean Carberry is a former FCW staff writer who focused on defense, cybersecurity and intelligence.


Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.