15 September 2016

Does best intel come from public or private sector?


September 12, 2016 

Information sharing between the government and private sector has been a fractious issue. Measures such as the Cybersecurity Information Sharing Act, or CISA, aimed to curb these schisms. In a more general sense, when it comes to intelligence and information sharing from the private sector or the government, some feel one is not necessarily better than the other.

“I think there’s valuable information provided by both entities,” Chris Boyer, assistant vice president for global public policy at AT&T, said during a Sept. 8 panel discussion at the 2016 Intelligence and National Security Summit. On the private sector side, there are a lot of firms providing intelligence, he said, to which his company subscribes. However, he noted, “we also get information from the government through the NCICC … so we do get some classified information from the government that we do find valuable.”

James Katavolos, senior vice president for the Cyber Intelligence Center at Citibank, seconded Boyer’s assertions during the same panel discussion, noting that “even if it’s 20 percent of the time the government comes through with something very useful and important, obviously we want that.”

He also said that since neither the public nor private sector has a complete picture of the threat environment, “what we need to do is figure out how to marry those two sources up to make sure that government can do what it needs to do to secure itself … and private sector networks and the private sector has what it needs.”

From the government’s perspective, intelligence aggregation is akin to reading various newspapers of differing skews or regions.

“When I go and I talk to my intelligence community partners, I tell them that I don’t rely solely on sigint [signals intelligence]," Greg Touhill, deputy assistant secretary of cybersecurity and communications at the Department of Homeland Security, said during the same panel. "If you read the same newspaper every day and that’s the only newspaper you read, then you don’t have a good view of the world,” 

“So I’m looking at a bunch of newspapers every day just like I’m going through multiple sources of information, including open source. One of the things I’ve been whipping my intelligence analysis team members on is, in fact, I want more open source reporting,” said Touhill, who was named by the White House on Sept. 8 to serve as the first federal chief information security officer. “I think that there’s a burgeoning market that’s exploded in a positive manner over the last couple of years in cyber intelligence reporting. Researchers are coming to us on a regular basis with new findings and vulnerabilities and the like.”

When it comes to intelligence, however, others expressed that the best intelligence may in fact come from the private sector and not the government.

“In general, because the private sector controls most of the infrastructure and has a lot of the intellectual property that the bad guys are after, I think ultimately we’re going to get the most useful information out of the private sector,” Michael Allen, partner at Beacon Global Strategies, said during the panel.

CrowdStrike President Shawn Henry conveyed a similar sentiment. “I see [threats and risk within the private sector] every single day, I saw it in my time at the bureau and I see that now, but that is the battlefield; we’ve got civilians, citizens who are literally fighting nation-states day in and day out,” he said on Sept. 7 at the summit. “Twenty-eight-[year-olds], 32-year-olds who have no war training to fight and sustain an attack by a nation-state adversary — yet that’s what they’re being asked to do because in our current role while the government brings great value and great benefit to help to deter our adversary, the reality of it is we are not sitting in the ISPs filtering out all the traffic. Therefore all the malicious code, all the adversary’s capabilities are being brought to bear in the private sector, and often times that’s the first line of defense.”

Henry said an agreement that the private sector is the battlefield could provide the government ample intelligence and assist in the elusive attribution problem, better enabling the government to bring all its tools to bear on the perpetrators.

This very issue is one of the reasons many, including Allen, believe it is important to fully implement CISA. Though, another bulwark toward greater information sharing is over classification by the government.

“There is this whole issue of over-classification and sensitivity of data and whether or not governments are really going to provide the full context of information, meaning that in order to be actionable, the information really needs to be contextual as well,” Boyer said. He added that there appears to be a tendency by the government to over-classify and not release information when it concerns foreign actors.

Touhill agreed with Boyer on this issue, asserting he has tried to work with the intelligence community to change the paradigm.

“If it was gathered via hyper-classified means, that doesn’t mean the information gathered necessarily needs to be classified over top secret … particularly when I’m reading it in a newspaper this morning,” he said.

“Rick Ledgett, [deputy director of the National Security Agency], has been a huge champion of working with us to make sure that we have processes in place so that if we in fact do see something that’s out in the wild that it automatically, that we have procedures to declassify that,” he said. 

http://www.c4isrnet.com/articles/how-us-responds-to-cyber-incidents?utm_source=Sailthru&utm_medium=email&utm_campaign=Daily%20Brief%200913&utm_term=Editorial%20-%20Daily%20Brief

No comments: