As cyber threats increase in frequency and intensity worldwide, it has never been more crucial for governments and private organizations to work together to identify, analyze and combat attacks.
Yet while the federal government has strongly supported this model of private-public information sharing, the reality is less than impressive. Many companies feel that intel sharing is too one-sided, as businesses share as much threat intel as governments want but receive very little in return.
The question is, have government entities like the FBI and CISA made significant changes to how they share intel with private organizations, or are we still facing the same frustrations and challenges as before?
Private-public intel sharing — what changed since 2021?
The year 2022 has brought a raft of new cyber threats, many of which relate to the Russia-Ukraine conflict. Despite the rising number of threats, the private sector has remained skeptical of government cybersecurity cooperation.
This article, published in 2021, questioned the government’s ability or willingness to answer several key security-related questions:
- Where was the data found?
- Who was the attacker?
- How was the attack uncovered?
- What defensive measures were in place at the time of the attack?
- What details are shareable versus what could prompt a secondary attack?
Has the situation changed in 2022? Despite some promising signs, the outlook is not overly optimistic.
An oversight report released by the Department of Homeland Security (DHS) Office of Inspector General said that government bodies still failed to provide adequate information and context surrounding the cyber threat data they shared with third parties.
“Most of the cyber threat indicators did not contain enough contextual information to help decision-makers act. We attribute this to limited AIS functionality, inadequate staffing and external factors,” the report states.
Despite the onslaught of new cyber threats, it seems that government agencies are failing to provide the private sector with clear, contextually relevant and valuable information that might help them improve their security postures and take appropriate defensive action.
Private-public information sharing in the global sphere
In the face of these challenges, major cyber events may have eased some distrust between sectors.
Beginning in early 2022, the Ukraine war brought many new security concerns for both public and private organizations. The elevated threat motivated the government to prioritize its intel sharing with private companies.
In a statement by the FBI in March, Director Christopher Wray committed to working more closely with the private sector.
“Today, with the ongoing conflict raging in Ukraine, we’re particularly focused on the destructive cyber threat posed by the Russian intel services, and cyber criminal groups they protect and support. We have cyber personnel working closely with the Ukrainians and our other allies abroad, and with the private sector and our partners here.”
A reassuring feature of the statement was the explicit acknowledgment of the importance of the private sector’s role in national cybersecurity:
“The biggest difference between the model we built to fight terrorism and the way we battle cyber threats is the importance of the private sector. Private networks, whether they belong to a pipeline operator, some other kind of victim or an Internet service provider, are most often the place we confront adversaries. We share information with the private sector whenever we can through one-on-one outreach, through cyber threat bulletins and through our many partnerships.”
While these statements are indeed a step in the right direction, it’s still too early to determine if they translate into tangible actions for businesses. That said, one useful marker here is ISAC participation.
ISAC participation is up
ISACs (Information Sharing and Analysis Centers) are organizations designed to provide a place for gathering and sharing information on critical cyber threats. The idea is to facilitate easier data sharing between the private and public sectors. Higher participation in these bodies by the private sector could indicate a growing level of trust in the government by businesses and a move to a healthier, more productive and equal intel-sharing relationship.
At first glance, the news is positive. ISACs are gradually growing in number, and new ones are frequently introduced. In theory, this is a good foundation for more cooperation between the public and private sectors on intel sharing, but what’s happening in practice?
Inadequate information weakens cooperation
One of the issues with government intel sharing in the past has been the lack of additional information and guidance accompanying the threats the government shares.
Often, governments would share information about the existence of a specific threat but fail to provide any recommendations on how to address or remediate it. Unfortunately, that criticism still exists in 2022.
According to the Department of Homeland Security’s oversight report, CISA did not always provide enough information to help private entities effectively deal with vulnerabilities.
The report noted that “deficiencies in the quality of threat information shared among AIS participants may hinder the federal government’s ability to identify and mitigate potential cyber vulnerabilities and threats.”
The future of private-public threat intel sharing: What can be done now
So what does the future hold? CISA has spoken about plans to improve information sharing. From the DHS report:
“During the past 18 months, CISA’s Cybersecurity Division has added additional contractual resources to better support information sharing and is also assessing a longer-term approach to allocate resources to fully support this critical mission area.”
The project’s estimated completion date is January 31, 2023.
Only time will tell whether information sharing between sectors will improve. While government agencies make optimistic overtures and half-promises, the private sector must make do with whatever information it can get and hope it’s enough.
Historically, enterprises have been reluctant to share security information because of compliance concerns or a desire to maintain a competitive advantage. But community services like IBM’s X-Force Exchange can make collaboration simpler and safer.
Adversaries already do this, so why not the enterprise? Whether it’s an ISAC or any other method of information sharing, better sharing practices will always help organizations reduce threat risk.