In a recent SBIC report one of the recommendations for protecting against Advanced Threats was to ‘participate in information exchange’. Defending against advanced threats will require new models for information sharing. Historically organizations have been reluctant to share threat information but it is becoming increasingly vital that organizations share information and more importantly share it in real-time. The reluctance comes from perceived legal risks and liability issues that concern so many legal departments. The nature of APT’s also suggests that the type of verticals targeted e.g. defense, utilities, technology and pharmaceuticals, typically would be reluctant to share threat information.
The concept of information exchange is not new and many lessons can be learned from Neighbourhood Watch schemes which were first introduced in the UK in 1982 with one objective – to reduce crime. There are now some 150,000 schemes running throughout the UK covering nearly five million households, which makes Neighbourhood Watch the largest voluntary movement in the country. These schemes target local crime problems and take action to prevent them. In consultation with the law enforcement they can find out from local people what crimes most concern and affect them and focus on those specific problems.
Cyber experts have talked about having ‘trust communities’ to share information and learn from each other. Indeed, the UK government has set aside £650m of new money as part of their Cyber Crime Strategy to better protect key infrastructure and defense assets from “cyber warfare”. Much of the strategy focuses on improving links with the private sector on the issue of cybercrime – with “hubs” to allow information to be shared on cyber threats and a pledge to look at new ways to bring together businesses, academics and government to exploit the latest innovations in tackling the threat. We can draw on the experience of Neighbourhood Watch when it comes to setting up ‘Trust’ Communities. Here is what they set out to do:
Prevent crime by improving security, increasing vigilance, creating and maintaining a caring community and reducing opportunities for crime by increasing crime prevention awareness
- Assist the police in detecting crime by promoting effective communication and prompt reporting of suspicious and criminal activity
- Reduce undue fear of crime by providing accurate information about risks and by promoting a sense of security and community spirit, particularly among the more vulnerable members of the community
- Improve police/community liaison by providing effective communication channels, and by members informing the police of incidents when they occur.
The benefits of belonging to a scheme are:
- Improved communication between police and public so that officers can deal with local problems
- Research suggests criminals can be deterred from entering an area if they know residents are vigilant and have taken steps to safeguard their property
- Practical crime prevention advice from members from both the police and their co-ordinators
- Reduced premiums for members from many insurance companies
We can all learn from the success and recognise the benefits of these schemes. If you read the above in context to cybercrime then surely this is exactly what we are trying to achieve in setting up Trust communities with public and private sectors. This pledge by the UK government is a promising step but in reality will be challenging to deliver and measure success. It shouldn’t only be up to the government, although some form of legislation to encourage this collaboration effort would help. The public and private sectors have to realise and accept that they need to work together to combat the ever challenging advanced threat. Hopefully, we can expect to see some success stories in the near future so watch this space….