GOVERNMENT CIO OUTLOOK, July 2023

If we want to have any hope of being able to stem the cyber tide, we need to receive intelligence at machine speed or as close to it as possible so that we can take advantage of technology to do something constructive with this information. It is impossible to manually take all the information received in the form of IOCs (indicators of compromise) and do something meaningful with it. Automation is the key by which we can take this intel and protect our organizations: temporary blacklisting, DNS sinkholing, reporting and threat modelling, etc.

But Why a National Approach?

We have determined that, while effective, sector-based sharing is hardly sufficient to gain a holistic awareness of the threat landscape. Disparate sectors need to share with one another, but how? Creating a national standard would ensure that, regardless of sector, there was a uniform way to disseminate IOCs in such a way that organizations could take action. There are standards out there, just not widely adopted and none mandated, at least across all public and private sectors. For example, CISA (Cybersecurity and Infrastructure Security Agency) has the AIS (Automated Indicator Sharing) platform that uses open standards for intel sharing like STIX (Structured Threat Information Expression) for cyber threat indicators and TAXII (Trusted Automated Exchange of Indicator Information) for machine-to-machine communications. Truthfully, most threat intel sharing platforms, open source and paid, support STIX/TAXII. Where a national approach would be most helpful is the trust factor.

The real issue with taking threat intelligence and doing something at machine speeds is that one must trust the information being shared implicitly. Most of us in this industry have more stories about false positives being shared in threat feeds than we care to admit.
Until a national standard is adopted and followed, we will continue to see a series of communities sharing with one another, to varying degrees of effectiveness. However, sharing at a comprehensive national level will continue to elude us all.