The first article in my monthly column for DarkReading is now available. The Gamble Behind Cyber Threat Intelligence Sharing looks at how current approaches to threat intelligence sharing are reminiscent of the Griffin Book or the blacklist used by casinos to identify known cheaters. From the article:
In theory, sharing threat intel makes sense. But in cybersecurity you’re not dealing with known individuals, you’re dealing with anonymous adversaries capable of rapid change.
The U.S. Department of Homeland Security deployed its Automated Indicator Sharing (AIS) system in March to enable the exchange of cyber threat intelligence among private and public organizations. Their motivation is clear: to increase the breadth and speed of information sharing in order to help all types of organizations act more quickly and better defend themselves against emerging threats.The concept of sharing information to fight common adversaries is nothing new. It’s similar to the Griffin Book or the blacklist used by casinos to identify known cheaters. The casinos share information on shady characters with the gaming board or Griffin Investigations, and they disseminate that information to all casinos so they can identify and ban cheaters. It’s a great idea – share the intelligence and everybody (but the cheater) wins. And in the case of casinos fighting criminals in physical locations, it makes all the sense in the world.
There is almost unanimous agreement among security professionals that cyber threat information is similarly valuable to their organizations. However, digging deeper into the attitudes and implementation barriers to sharing that information unveils myths and significant reticence that make it a lot less simple than it might sound.
The full article is available here.