• TREND MICRO
  • ABOUT
Search:
  • Latest Posts
  • Categories
    • Android
    • AWS
    • Azure
    • Cloud
    • Compliance
    • Critical Infrastructure
    • Cybercrime
    • Encryption
    • Financial Services
    • Government
    • Hacks
    • Healthcare
    • Internet of Everything
    • Malware
    • Microsoft
    • Mobile Security
    • Network
    • Privacy
    • Ransomware
    • Security
    • Social Media
    • Small Business
    • Targeted Attacks
    • Trend Spotlight
    • Virtualization
    • Vulnerabilities
    • Web Security
    • Zero Day Initiative
    • Industry News
  • Our Experts
    • Ed Cabrera
    • Rik Ferguson
    • Greg Young
    • Mark Nunnikhoven
    • Jon Clay
    • William “Bill” Malik
  • Research
Home   »   Industry News   »   Cloud Computing   »   DHS needs better sharing plan, experts say

DHS needs better sharing plan, experts say

  • Posted on:May 22, 2013
  • Posted in:Cloud Computing, Current News, Cybercrime, Privacy & Policy
  • Posted by:
    Trend Micro
0

The key to data and Internet security moving forward is likely going to be the efficient exchange of threat intelligence, but experts said the new plan proposed by the U.S. Department of Homeland Security may need to go further.

Reuters reported that DHS Secretary Janet Napolitano will direct the agency to share classified data on vulnerabilities that may be unknown to application developers. These indicators would then be shared with security partners who can detect and block the exploit from taking advantage of companies and their infrastructure. Jeff Jacoby, director of information systems, operations and services at Raytheon, told CSO​ Online that this privileged information will never leave the service provider at any point.

This move toward a greater level of information sharing is something many security experts have been waiting for years to see, but limiting the data flow is something that many experts would not like to see, the website said.

"While it is understandable that the government is starting slowly, I would like to see much broader sharing of information," said Wolfgang Kandek, chief technology officer for vulnerability management company Qualys. "From an offensive point of view, it is certainly valuable to maintain a certain number of exploits in private, but for defense the best option is to share the vulnerability information with the software vendor as quickly as possible."

House of Representatives Intelligence Committee Chairman Mike Rogers told Reuters that he was glad to share this information with companies but said it needed to be kept in check to help avoid tipping off cybercriminals or rival organizations. Michael Daniel, the White House cybersecurity policy coordinator, recently told a summit that the program was still evolving with what kind of information would be shared and said this would continue to evolve in step with the threats themselves.

One problem with how this information sharing program will work, according to Andrew Braunberg, research director for NSS Labs, is that the government wants to have its own access to zero-day threat vulnerabilities. It has been recently revealed that the U.S. government is one of the top buyers of these types of threats for their own purposes, leading Braunberg to say that the government wants the situation to go both ways.

"They don't really want these vulnerabilities to disappear because they want to use them offensively, but they don't want the same vulnerabilities to allow hacking of U.S. assets," he told CSO.

Security News from SimplySecurity.com by Trend Micro.

Related posts:

  1. How dangerous is Duqu? Experts are unsure
  2. Data sharing proposal is nice start, but more work needed, legislators say
  3. Government agencies working toward secure procurement
  4. U.S. government releases new plan for cybersecurity

Security Intelligence Blog

  • Our New Blog
  • How Unsecure gRPC Implementations Can Compromise APIs, Applications
  • XCSSET Mac Malware: Infects Xcode Projects, Performs UXSS Attack on Safari, Other Browsers, Leverages Zero-day Exploits

Featured Authors

Ed Cabrera (Chief Cybersecurity Officer)
Ed Cabrera (Chief Cybersecurity Officer)
  • Ransomware is Still a Blight on Business
Greg Young (Vice President for Cybersecurity)
Greg Young (Vice President for Cybersecurity)
  • Not Just Good Security Products, But a Good Partner
Jon Clay (Global Threat Communications)
Jon Clay (Global Threat Communications)
  • This Week in Security News: Ransomware Gang is Raking in Tens of Millions of Dollars and Microsoft Patch Tuesday Update Fixes 17 Critical Bugs
Mark Nunnikhoven (Vice President, Cloud Research)
Mark Nunnikhoven (Vice President, Cloud Research)
  • Twitter Hacked in Bitcoin Scam
Rik Ferguson (VP, Security Research)
Rik Ferguson (VP, Security Research)
  • The Sky Has Already Fallen (you just haven’t seen the alert yet)
William
William "Bill" Malik (CISA VP Infrastructure Strategies)
  • Black Hat Trip Report – Trend Micro

Follow Us

Trend Micro In The News

  • Trend Micro Goes Global to Find Entrepreneurs Set to Unlock the Smart Connected World
  • Winners of Trend Micro Global Capture the Flag Demonstrate Excellence in Cybersecurity
  • Companies Leveraging AWS Well-Architected Reviews Now Benefit from Security Innovations from Trend Micro
  • Trend Micro Announces World's First Cloud-Native File Storage Security
  • Digital Transformation is Growing but May Be Insecure for Many
  • Home and Home Office
  • |
  • For Business
  • |
  • Security Intelligence
  • |
  • About Trend Micro
  • Asia Pacific Region (APAC): Australia / New Zealand, 中国, 日本, 대한민국, 台灣
  • Latin America Region (LAR): Brasil, México
  • North America Region (NABU): United States, Canada
  • Europe, Middle East, & Africa Region (EMEA): France, Deutschland / Österreich / Schweiz, Italia, Россия, España, United Kingdom / Ireland
  • Privacy Statement
  • Legal Policies
  • Copyright © 2017 Trend Micro Incorporated. All rights reserved.