A matter of months after it was revealed that the US National Security Agency (NSA) collected data on all of our activities, its director has now said that information should be shared better.
According to Threatpost, General Keith Alexander, who was heckled by members of the audience during his keynote at the Black Hat conference in Las Vegas in July, has said that the NSA, along with other federal agencies such as the FBI, Department of Homeland Security and CIA, needs to find a way to share the attack and vulnerability information they collect in order to help key private organisations react to emerging threats.
In his keynote, Alexander defended the use of tools such as Prism for the defence of the country, and he has now followed the trend of believing that the best method of defence is to share knowledge and intelligence in real time. He also said that the network of those contributing and sharing information could include companies in foreign countries as well.
Threatpost reported that during Alexander’s keynote speech at the Billington Cybersecurity Summit, he said: “We need the authority for us to share with them and them to share with us. But because some of that information is classified, we need a way to protect it. Right now, we can’t see what’s happening in real time. We’ve got to share it with them, and potentially with other countries.”
“We don’t have that shared situational awareness we need,” he said. “So we’re developing a common operational picture. If we can’t see it, we can’t respond to it. We have to do that at network speed. We have to share what we know about those threats and they have to tell us what they see. This is where Internet service providers are critical, not just here but with our allies.
“We have to work with industry, because we can’t see it. Right now what happens is the attack goes on and we’re brought in after the fact. And I can guarantee you 100 percent of the time we cannot stop an attack after the fact. That legislation that we’re pushing for is absolutely important for our country.”
The audience was reportedly made up mainly of industry and government workers, so Alexander was unlikely to have faced the same response he did in July, but he appealed to the audience to help support the information sharing concept and any legislation that may be required to implement it.
The concept of information sharing was a key theme of the RSA Conference in February, where Michael Daniel, special assistant to the US President and White House cyber security coordinator, said that “sharing is about improving volume that we share with the public sector” and that there were three ways it was looking at doing this: first, determining whether specific information can do a better job of pushing out to entities who are targeted or at a classified or unclassified level; second, expanding enhanced cyber security services and setting up a programme to use classified information in a way to protect critical infrastructure; and finally, the Department of Homeland Security secretary can clear people on the other side to deal with it.
Michael Chertoff, former US secretary of Homeland Security, said that as so much information is highly classified, it is hard to talk in concrete terms about values, but he welcomed a start on this “as things are getting worse and getting worse still”.
He said: “This is not a full investment in what we need to do in cyber security, as we face accelerating threats. The executive order can tell government what to do and not the private sector, the programme is expanding to share information as usually it is classified, but to get an early warning on cyber security, we need to know how to get a safe space to share experiences with our colleagues. We are isolated, but the victim is empowered when you share in real-time.”
This followed President Barack Obama’s State of the Union address to Congress, in which he announced plans to improve cyber security information sharing: a voluntary information sharing program would provide classified cyber threat and technical information from the government to eligible critical infrastructure companies or commercial service providers that offer security services to critical infrastructure.