Today’s cyber threat environment features a proliferation of cybercrime and attacks from nation-state, nonstate, and nation-state-sponsored actors on both public and private sector systems, along with global “contagions” that can affect large swaths of digital infrastructure simultaneously. To address these challenges to America’s security, we need to have a national cybersecurity program that is effective at all levels: national, state, local, and across various private sector industries. The federal nature of our government, and the resultant division in its structure and authorities, demand that state governments take an active and proactive role in responding to threats to their citizens and the organizations located in their jurisdiction.
According to a study by Global Cyber Political Watch (2019), the national security of the U.S. is inherently tied to the cybersecurity of the 16 critical infrastructure sectors that the Department of Homeland Security has designated. While national cybersecurity initiatives are currently in place to provide key resources to critical infrastructure sectors, the federal system of government in the U.S. means that there is a limited role for state and local governments to affect the cybersecurity of critical infrastructure. As the cyber threat environment continues changing, however, it is important that state and local governments don’t try to over-regulate cybersecurity with prescriptive laws or guidelines. Instead, the federal example of providing overview frameworks and voluntary guidelines should be followed while states develop their own approach to cybersecurity (Global Political Watch, 2019).
Global Cyber Watch Study
Global Cyber Political Watch. (2019). State of the States: The Role of State Governments in Protecting the Cybersecurity of Critical Infrastructure.
Cybersecurity for the States: Lessons from Across America
The major study of 5/31/2018 focused on AZ, NJ and WA state.
Cohen, N. & Nussbaum, B. (2018). Cybersecurity for the States: Lessons from Across America.
Cyber Incident Response and Resiliency in Cities
Cities and other local governments are the core service providers for citizens and businesses. Ensuring the security of municipal systems is essential to ensuring basic safety, quality of life, and economic prosperity.
Cohen, N. (2019). Cyber Incident Response and Resiliency in Cities.
A Development Model for Regionally Based ISAOs
As of June 2016, there are only 23 information sharing and analysis centers (ISACs) and 20 information sharing and analysis organizations (ISAOs) across the country that are registered with the ISAO Standards Organization. Out of this small number, only five ISAOs are dedicated to the cyber defense of state, local, territorial, and tribal (SLTT) communities. In response to the increasing cyber threat to our nation’s domestic security, the Johns Hopkins University Applied Physics Laboratory (JHU/APL) and the Arizona Cyber Threat Response Alliance (ACTRA) are collaborating to promote the development of interactive SLTT cyber ecosystems based on ACTRA’s strengths and organizational lessons learned. The ACTRA model serves as the preferred framework for the development of a national cybersecurity ecosystem that is comprised of independent ISAOs that might cluster together across numerous regions. This report explores the ACTRA model and identifies critical aspects for implementing similar frameworks elsewhere as part of a national swarming cyber-defense strategy to crowdsource cyber protection, mitigation, and recovery from cyber incidents.
Johns Hopkins Applied Physics Lab & ACTRA (2017). Private Study, Available at discretion.
Cloud Security Alliance Releases New Research: Building a Foundation for Successful Cyber Threat Intelligence Exchange
Paper offers key considerations for corporations seeking to collaborate on security incidents impacting the cloud environment
The Cloud Security Alliance (CSA), the world’s leading organization dedicated to defining and raising awareness of best practices to help ensure a secure cloud computing environment, today released new research on Building a Foundation for Successful Cyber Threat Intelligence Exchange, the first in a series of reports that will provide a framework to help corporations seeking to participate in cyber intelligence exchange programs that enhance their event data and incident response capabilities.
Authored by the CSA Cloud Cyber Incident Sharing Center (CISC) Working Group, the report was written primarily for corporations beginning to explore—or that have already begun—the exchange of cyber security event data. The paper offers high-level, yet practical, guidance to support companies in three key areas:
Connecting with sharing partners and exchange platforms that best meet their needs,
Identifying the capabilities and business requirements that will form the foundation for a value-driven cyber intelligence exchange program, and
Understanding the basics of the exchange process so they can efficiently share the event they see and more efficiently operationalize any intelligence they collect.
“While any organization with at least one person dedicated to cyber intelligence should consider participation in an exchange to enhance its own data, we wanted to further assist security teams with both emerging and mature internal cyber intelligence capabilities,” said Brian Kelly, co-chair of the Cloud-CISC Working Group and CSO of Rackspace. “Because the cloud industry is already taking advantage of many of the advanced technologies that support cyber intelligence exchange, and has such a unique and large footprint across the IT infrastructure, we believe that we have a real opportunity to make cyber intelligence sharing pervasive.”
“This paper is the first in a series of planned efforts to provide guidance and enable new users of cyber intelligence exchanges to benefit from the lessons learned from those who have already walked the path. It serves as a prototype for those seeking to derive value from shared cyber intelligence,” said Dave Cullinane, Cloud-CISC Working Group co-chair and founder of TruSTAR Technology. “We believe our efforts will serve as a model for those across the IT landscape seeking to derive value from cyber intelligence exchange.”
The Cloud-CISC Working Group seeks to eliminate existing security “stovepipes” by incubating trusted communities of cloud providers for the purpose of sharing cyber incident information anonymously.
Individuals interested in becoming involved in the future research and initiatives of the group are invited to join the group.
Building a Foundation for Successful Cyber Threat Intelligence Exchange is a free resource from the CSA.