“Not like border security”
Daniel served as President Obama’s top cyber advisor during his second term in office. The MIT Technology Review recently caught up with him in an interview during the Black Hat cybersecurity conference. Daniel said that the use of cyberattacks by nation state actors is changing how security is approached, requiring the development of new rules and regulations.
As every major government adds cyberattacks to its weapons arsenal, Daniel thinks we should establish “rules of the road” so they don’t destabilise the cyber industry. He also dismissed the notion of cybersecurity being “like border security,” noting that “everybody in cyberspace is touching somebody else.”
Escalating threats to the government
Since the reality of government-sponsored hackers is changing how cybersecurity is tackled, a different relationship between the government and private sector firms may be required. In serious incidents, the response required for an emerging threat from a nation-grade actor might extend beyond the resources of a private company. In this scenario, protocols should be established that allow state facilities to intervene.
READ NEXT: Canada: Hackers targeted country’s 2015 election, may try again
“In a natural disaster, the response starts locally,” Daniel noted. “If it begins to overwhelm the local officials, the state government steps in. If it goes beyond the state, they might call on mutual aid from other states. If it goes beyond that, FEMA steps in from the national level. What’s the cyber equivalent of that?”
“Inadequate” threat intelligence
Daniel’s now president of the Cyber Threat Alliance (CTA), an initiative that creates a platform for tech firms to share threat information. Speaking during the interview, he said the CTA is trying to turn the competitive cybersecurity industry towards a more cooperative model.
At its core, the CTA recognises that no cybersecurity firm has the resources or information to combat every threat. Individually, each company’s threat intelligence database is “inadequate.” Closed off from the wider industry and fed by proprietary monitoring technologies, private data pools are limiting the evolution of wider cybersecurity responses.
Shared pools of data
The CTA wants to push companies to centralise their data pools into a single resource. Any member of the industry could utilise this vast repository of threat information, giving end users better protection against advanced attacks. Daniel expressed frustration at the competition in the industry, suggesting it could be diverted towards more productive channels which feed off each other.
READ NEXT: Cyberattacks: What businesses can do
“Instead of continuing to compete on ‘my inadequate pool of data is bigger than your inadequate pool of data,’ we need to have shared our pools of data, and the competition should be on ‘I do better things with the data’ – I’m faster, or I integrate with your company better, or I understand your business model better – whatever it is,” Daniel commented to the MIT Technology Review. “That’s a higher-level of competition. Everybody will be better off.”
As governments expand their cyberweapon arsenals, it’s becoming increasingly apparent that conventional security techniques can’t scale to meet the new threats. It’s not yet obvious how responses to serious government-backed attacks should be coordinated though, whether handled by interlinked private companies or a unified state body. The CTA seems to be a step in the right direction but it will take backing from the private sector and the government before it sees success.
