As cyber threats increase in frequency and intensity worldwide, it has never been more crucial for governments and private organizations to work together to identify, analyze and combat attacks.

Yet while the federal government has strongly supported this model of private-public information sharing, the reality is less than impressive. Many companies feel that intel sharing is too one-sided, as businesses share as much threat intel as governments want but receive very little in return.

The question is, have government entities like the FBI and CISA made significant changes to how they share intel with private organizations, or are we still facing the same frustrations and challenges as before?

Private-Public Intel Sharing — What Changed Since 2021?

The year 2022 has brought a raft of new cyber threats, many of which relate to the Russia-Ukraine conflict. Despite the rising number of threats, confidence in government cybersecurity cooperation has remained low.

This article, published in 2021, questioned the government’s ability or willingness to answer several key security-related questions:

  • Where was the data found?
  • Who was the attacker?
  • How was the attack uncovered?
  • What defensive measures were in place at the time of the attack?
  • What details are shareable versus what could prompt a secondary attack?

Has the situation changed in 2022? Despite some promising signs, the outlook is not overly optimistic.

An oversight report released by the Department of Homeland Security (DHS) Office of Inspector General said that government bodies still failed to provide adequate information and context surrounding the cyber threat data they shared with third parties.

“Most of the cyber threat indicators did not contain enough contextual information to help decision-makers act. We attribute this to limited AIS functionality, inadequate staffing and external factors,” the report states.

Despite the onslaught of new cyber threats, it seems that government agencies are failing to provide the private sector with clear, contextually relevant and valuable information that might help them improve their security postures and take appropriate defensive action.

Private-Public Information Sharing in the Global Sphere

In the face of these challenges, major cyber events may have eased some distrust between sectors.

Beginning in early 2022, the Ukraine war brought many new security concerns for both public and private organizations. The elevated threat motivated the government to prioritize its intel sharing with private companies.

In a statement by the FBI in March, Director Christopher Wray committed to working more closely with the private sector.

“Today, with the ongoing conflict raging in Ukraine, we’re particularly focused on the destructive cyber threat posed by the Russian intel services, and cyber criminal groups they protect and support. We have cyber personnel working closely with the Ukrainians and our other allies abroad, and with the private sector and our partners here.”

A reassuring feature of the statement was the explicit acknowledgment of the importance of the private sector’s role in national cybersecurity:

“The biggest difference between the model we built to fight terrorism and the way we battle cyber threats is the importance of the private sector. Private networks, whether they belong to a pipeline operator, some other kind of victim or an Internet service provider, are most often the place we confront adversaries. We share information with the private sector whenever we can through one-on-one outreach, through cyber threat bulletins and through our many partnerships.”

While these statements are indeed a step in the right direction, it’s still too early to determine if they translate into tangible actions for businesses. That said, one useful marker here is ISAC participation.

ISAC Participation is Up

ISACs — Information Sharing and Analysis Centers — are organizations designed to provide a place for gathering and sharing information on critical cyber threats. The idea is to facilitate easier data sharing between the private and public sectors. Higher participation in these bodies by the private sector could indicate a growing level of trust in the government by businesses and a move to a healthier, more productive and equal intel-sharing relationship.

At first glance, the news is positive. ISACs are gradually growing in number, and new ones are frequently introduced. In theory, this is a good foundation for more cooperation between the public and private sectors on intel sharing, but what’s happening in practice?

Inadequate Information Weakens Cooperation

One of the issues with government intel-sharing in the past has been the government’s lack of additional information and guidance when sharing threats.

Often, governments would share information about the existence of a specific threat but fail to provide any recommendations on how to address or remediate it. Unfortunately, that criticism still exists in 2022.

According to the Department of Homeland Security’s insight report, CISA did not always provide enough information to help private entities effectively deal with vulnerabilities.

The report noted that “deficiencies in the quality of threat information shared among AIS participants may hinder the federal government’s ability to identify and mitigate potential cyber vulnerabilities and threats.”

The Future of Private-Public Threat Intel Sharing: What Can Be Done Now

So what does the future hold? CISA has spoken about plans to improve information sharing. From the DHS report:

“During the past 18 months, CISA’s Cybersecurity Division has added additional contractual resources to better support information sharing and is also assessing a longer-term approach to allocate resources to fully support this critical mission area.”

The project’s estimated completion date is January 31, 2023.

Only time will tell whether information sharing between sectors will improve. While government agencies make optimistic overtures and half-promises, the private sector must make do with whatever information it can get and hope it’s enough.

Historically, enterprises have been reluctant to share security information, whether because of compliance concerns or to maintain a competitive advantage. But community services like IBM’s X-Force Exchange can make collaboration simpler and safer.

Adversaries already do this, so why not the enterprise? Whether it’s an ISAC or any other method of information sharing, better sharing practices will always help organizations reduce threat risk.
