Enable breadcrumbs token at /includes/pageheader.html.twig

Government, Industry Must Expand Cyber Intelligence Sharing

Efforts must expand the levels of sharing as well as the data exchanged.

Defeating cyberthreats will require greater sharing among government and industry in new ways, according to cyber intelligence experts. A panel at the AFCEA/INSA Intelligence and National Security Summit 2014, being held September 18-19 in Washington, D.C., explored new issues in cyber intelligence information sharing.

Cyber intelligence sharing is important at the intrusion level as well as at the strategic level, maintained Ron Carback, defense intelligence officer for cyber, Defense Intelligence Agency. Tom Conway, director, federal business development, FireEye, emphasized that organizations must look at cyber intelligence strategically, not in a tactical sense. When an intruder penetrates an organization, defenders must examine why the adversary chose their group.

Conway added that his company found that 98 percent of the organizations his firm targeted had been penetrated, but about 76 percent only once by an adversary targeting them. The intruder may be back, he offered; and analysts must determine the adversary’s shopping list.

Cyber intelligence must move toward more tradecraft, Conway added. Matt Gaston, director, Emerging Technology Center, Software Engineering Institute, Carnegie Mellon University, stated that a strong demand exists for people who want to share cyber intelligence and share it with the tradecraft. He called for a guild in cyber intelligence to help determine what defenders do and how they do it.