Overcoming Cyberthreat Intelligence-Sharing Hurdles
While some organizations are improving their ability to share cyberthreat intelligence with other entities within the same sector, cross-sector cyber intelligence collaboration is still difficult. But cyber fusion centers can help automate that process, according to Errol Weiss of the Health Information Sharing & Analysis Center and Anuj Goel of security firm Cyware.
“To this day, there are definitely a lot of challenges in cross-sector sharing. We’re not doing as much as we could be,” Weiss says. For instance, much of the cyber information sharing in healthcare occurs among members of H-ISAC, he notes.
But, the use of cyber fusion centers – such as those developed by H-ISAC and some other sector ISACs – is helping to automate cross-member and cross-sector intelligence sharing and response to ransomware and advanced threats, Weiss says in an interview with Information Security Media Group.
Cyber fusions are “becoming next-gen SOCs … helping to enable collaboration … and gain more continuous alerting and actionable intelligence,” Goel notes in the same interview.
“Each ISAC needs to automate their environment first before they share from ISAC to ISAC,” Goel says. “Silos can begin sharing more tactical, technical or operational threat intelligence and enhance situational awareness. They can also share vulnerability and malware alerts in real time, as opposed to sitting on those for many hours.”
In this interview (see audio link below photos), Weiss and Goel also discuss:
- How cyber fusion centers work at individual enterprises, at specific industry ISACs and across ISACs and organizations in different sectors or countries;
- The role cyber fusion centers can play in responding to cyber incidents, such as the recent Kaseya ransomware attack;
- What’s next for cyber fusion centers.
Weiss joined the Health Information Sharing and Analysis Center in April 2019 as its first CSO. He has over 25 years of experience in information security. He previously was a senior vice president executive with Bank of America’s global information security team and created and ran Citigroup’s Cyber Intelligence Center.
Goel is CEO and co-founder of security firm Cyware. He has more than 20 years of experience in the security industry, including serving as the head of global strategy and planning covering information security at Citigroup. Goel was also an executive committee member of the Financial Services Sector Coordinating Council and has participated in several leading information-sharing initiatives.