The ask from this blog series is for experts to engage in discussions that drive the adoption of effective operator-driven sharing models that leverage our small number of skilled threat analysts.
The purpose of this line of thinking is not to drive adoption of open and international standards over US Government funded efforts, but rather to get people to think critically and push toward better and more effective sharing models.
While this thought process could result in the broad adoption of focused and secure protocols developed in the IETF, it could also force a review that better distinguishes what data formats and protocols should be used where. We may either drive a convergence of solutions or focus each of these standards-based efforts for adoption into appropriate use cases and even specific exchanges within use cases. By leading discussions that critically analyze threat sharing models and effective secure exchanges, we can move away from fruitless discussions on data formats and protocols to ones that help us achieve the goal of better securing organizations of all sizes. A side benefit may be a clear understanding of when each of these data models is appropriate for use. And who knows, maybe DHS will even move their efforts into an international standards body as promised and we can reduce redundant work while offering more secure and effective solutions.
Over the past year or more, my observations in the area of information sharing have motivated me to think more critically about how we can better combat threats while having a broad impact with the very few number of skilled analysts that exist as described in the RSA Perspectives paper and a few subsequent blogs.
In order to avoid repeating content from previous papers and blogs, here are some links for the applicable background for a deeper understanding of considerations for effective and efficient sharing models:
- Information Sharing Done Right – What’s Useful to Share and Who Should Get It?
- Information Sharing: How Do We Share Data Effectively?
- Do Standards Matter for Information Sharing?
And a related blog from my colleague, Peter Tran:
- Putting Threat Intelligence to Good Use
While these publications were motivated from observed potential scalability issues, the proposed solutions work equally well to address the strong push for greater data privacy with information sharing concerns post-Snowden. The main difference is that there should be an increased industry focus on the security and privacy of exchanged information both in transit and storage. Although these are not new concerns, there is a greater awareness of solutions and tradeoffs to higher security levels. As such, I’d like to dive into a few topics that I have not seen enough discussion and critical analysis to date in the following blog topics:
- Information sharing post-Snowden, what changes?
- How do we break out of the newer sharing models that limit participation to very large organizations?
Stay tuned for the next two blogs in this series.