Account Menu

IP Address: 195.154.151.123

Applied Cyber Intelligence: A Theory on Intelligence Sharing

By: DarkMatters.norsecorp.com

There has been an identified need to share Cyber Intelligence. The history of the discussion dates back a number of years and the actual timeline is out of the scope of this study.

However, it is important to understand that the need for sharing this type of information is so that it ultimately becomes actionable and applied. It is not difficult for an individual to search the Internet to find various organizations whose sole purpose is for the dissemination of Cyber Intelligence.

Therefore, it can easily be assumed by reference alone, that the need is real and not perceived; and, that there is kinetic energy as well as financial resources devoted to this work.

Yet, there are a few key challenges with this type of information sharing. Most of the concern resolves itself to a single question: What exactly do we share? This brief study is an attempt to move the discussion forward by postulating a theory regarding a plausible solution to this question.

The Theory

Considering the question there has been much debate on what to exactly share. The items range from attribution of an entity to technical details regarding an attack. It can be argued that those asking the question do not have the technical competency to complete the answer in full.

However, in any organization whether public, private, or academic there is linkage between ambiguous policy language and actual engineering requirements.

The subject of sharing although debated is more complex than simply legislation whereby the roots of the challenge extend into social perceptions and team efficacy; meaning: Who do we trust with this information?

On the surface, and below, to debate this lack of trust between entities can be directly attributed to the reason why there is no clear answer to the question itself.

Furthermore, in much of the technical iterations of the data, vendors hold closely their knowledge of the threat landscape as it presents a clear means for the monetization of data.

There is no direct nomenclature for this theory. However, the term ‘theory’ appears to aptly apply to this plausible solution on sharing. The theory supposes that in general we do nothing but in doing nothing we enable something; an almost quantum approach to sharing.

The idea is such that legislation, markets, and entities remain the same while the engineering approach to information sharing changes; thus, naturally enabling information while disturbing the least amount of disruption to the landscape and retaining the ability to sustain industry(s).

Connected Systems

Contemporary Cyber Security systems now share information between all ‘same’ vendor connected systems; thus, what is known on one becomes known on all.

For example: The same vendor next generation firewalls share information with a central vendor supplied source and then push new threat information to all other vendor solutions when new information becomes available.

This is very similar to the way in which anti-virus systems share new updates. This in itself is a form of Intelligence sharing. Moreover, some vendors are now creating conglomerates for Intelligence sharing. These conglomerates are teams of vendors who share information amongst themselves.

When one conglomerate vendor system receives a new piece of information it can then distribute that information among other vendor systems within the conglomerate. The overall benefit is a broader landscape for Intelligence collection and dissemination.

However, the drawback to this is that the information still remains within the silo of the individual vendor or conglomerate. Yet, this indeed is a step in the right direction due in part to the fact that vendor’s typically sit at the edge of the threat landscape and bear much of the burden with regards to Cyber Intelligence collection.

Continue reading article – HERE

, ,