With sophisticated hacking schemes gaining velocity, maintaining an organization's cyber security can feel demanding. Few know that reality better than the federal government. In response to the events of September 11, 2001, the Department of Homeland Security, together with Congress, began to develop methods by which to gather crucial information on illicit cyber activity and disseminate it to other government agencies within the national security enterprise and private networks considered as critical infrastructure. Known as the Information Sharing Environment (ISE), DHS endeavored to boost inter-agency cooperation and reduce attitudes clinging to parochial interests in order to better protect the country from future cyber peril.
According to the ISE blog, "It also sets the stage for the automated sharing of not just technical indicators, but the context under which that event took place. This will provide decision makers across organizations with the much-needed situational awareness they need to develop a sense for how to respond. The Cyber Threat Framework is gaining adoption across the Intelligence Community; the next step will be to expand adoption across the federal government and throughout the state, local, tribal, and territorial, and private sector communities."
Private Sector ISE
Taking its cue from DHS, The National Institute of Standards and Technology (NIST) developed guidelines for private sector formulation of ISEs. Of course, private industry, being highly competitive, faces different challenges when creating information sharing environments. However, as all are vulnerable, they recognize the value in generating a system of trust-based networks where an attack on one company can be the prevention of the others. Today, it may be company A under attack. But if Company A shares its information so Companies B through Z avoid the threat, then Company A will enjoy the same benefit another time.
An information sharing environment, especially when an organization is tied into several ISEs, can help defend against an external attack. When businesses, big and small, tap into ISEs, their situational awareness in the cyber realm expands exponentially. Companies, alerted at the first sign of an attack somewhere in the network, can assume a defensive posture immediately and prepare to elude the aggressors.
Real Time Monitoring and Automation
The larger the enterprise, the more likely it is to have IT staff monitoring for suspicious activity. Smaller establishments can benefit from the resources of larger ones within the ISE, or they may contribute to real time monitoring themselves by implementing software that can automatically detect threats, analyze them and send alerts without any expensive humans glued to an array of screens. With a machine-to-machine exchange system in place, the automated environment can relieve much of the human effort to detect, identify, track and destroy cyber intrusions.
Artificial Intelligence or Machine Learning
Machine learning can analyze threat trends based on the shared information from the ISE. Like IBM's Watson, artificial intelligence has the capacity to determine what activity constitutes a potential threat, what is likely to be a hack and what is an attack in progress. The program itself, acting on established protocols, can then instantly spring the trap on the perpetrators. The data from the event then cycles into the program so cyber assaults of the same nature will fail at the outset across the ISE. Computer data will be more secure as AI predicts attacks and counters them automatically.
As the Internet of Things (IoT) continues to grow, even simple consumer devices can be hijacked and used for cyber crimes. Private companies, already suffering data insecurity, should travel in packs to protect themselves. By joining information sharing environments, enterprises can stay a pace or two ahead of the problem.