November 20, 2017
In recent testimony before the House Homeland Security Subcommittee on Cybersecurity and Infrastructure Protection, USTelecom SVP of Cybersecurity Robert Mayer shared industry perspective on maximizing the value of cyber threat information.
In his testimony, Mayer explained that the value of information sharing among organizations is to assist in strategic cyber preparation to better assure the reliability, availability and resiliency of the nation’s networks. Yet, the sheer volume of cyber threat information sources present some challenges in creating real value.
Most of the concerns relate to the information’s quality and usability. While the information distributed may be helpful to certain entities, the value proposition remains elusive for companies with more mature, sophisticated cybersecurity programs.
Providers must ensure the confidentiality, integrity and availability of their communications networks and systems. To do so, any information sharing mechanism used needs to produce timely, accurate and actionable information that will improve the providers’ security posture or it is not of value.
Privacy and security safeguards for sharing processes that allow proper information to reach certain individuals in a timely fashion need to be implemented. This massive effort requires constant innovation, ongoing evaluation and disciplined resource allocation.
To make cyber threat information sharing more viable and valuable, Mayer recommended the government analyze the function and audience’s needs of information sharing programs, and identify gaps that need to be filled.
Many organizations, especially smaller service providers, are unfamiliar with the breadth and depth of information sharing entities or lack the resources to commit to these enterprises.
Mayer asserted that, “without effective information sharing, we have no hope of combatting emerging threats to our national and economic security.”
However, opportunities lie in the information sharing processes as evident in the ongoing efforts of the Department of Homeland Security to engage industry and to increase the value of their information sharing programs.
While there are no easy solutions for these companies, trade associations like USTelecom are providing a critical link to information resources that can enhance their security posture.