The key to data and Internet security moving forward is likely going to be the efficient exchange of threat intelligence, but experts said the new plan proposed by the U.S. Department of Homeland Security may need to go further.
Reuters reported that DHS Secretary Janet Napolitano will direct the agency to share classified data on vulnerabilities that may be unknown to application developers. These indicators would then be shared with security partners who can detect and block the exploit from taking advantage of companies and their infrastructure. Jeff Jacoby, director of information systems, operations and services at Raytheon, told CSO Online that this privileged information will never leave the service provider at any point.
This move toward a greater level of information sharing is something many security experts have been waiting for years to see, but limiting the data flow is something that many experts would not like to see, the website said.
"While it is understandable that the government is starting slowly, I would like to see much broader sharing of information," said Wolfgang Kandek, chief technology officer for vulnerability management company Qualys. "From an offensive point of view, it is certainly valuable to maintain a certain number of exploits in private, but for defense the best option is to share the vulnerability information with the software vendor as quickly as possible."
House of Representatives Intelligence Committee Chairman Mike Rogers told Reuters that he was glad to share this information with companies but said it needed to be kept in check to help avoid tipping off cybercriminals or rival organizations. Michael Daniel, the White House cybersecurity policy coordinator, recently told a summit that the program was still evolving with what kind of information would be shared and said this would continue to evolve in step with the threats themselves.
One problem with how this information sharing program will work, according to Andrew Braunberg, research director for NSS Labs, is that the government wants to have its own access to zero-day threat vulnerabilities. It has been recently revealed that the U.S. government is one of the top buyers of these types of threats for their own purposes, leading Braunberg to say that the government wants the situation to go both ways.
"They don't really want these vulnerabilities to disappear because they want to use them offensively, but they don't want the same vulnerabilities to allow hacking of U.S. assets," he told CSO.
Security News from SimplySecurity.com by Trend Micro.