Although the Centre for Defence Enterprise (CDE) has already established a strategy for an automated cyber defence response at an international level for key government departments, the need for collaboration with the private sector is key to safeguarding global cyber security.
The man in charge of the US Department for Homeland Security (DHS), Jeh Johnson, addressed the RSA Conference last month with a call for a greater alliance across the government and private sectors. With the global economy still in the recovery zone, individual resources and finances to protect cyberspace are limited. By combining forces, all parties stand to benefit.
Aspiring to the UK model of cyber security
With an approach similar to the UK’s Cyber Security Information Sharing Partnership (CISP), the US’s NCCIC National Cyber security and Communications Integration Center initiative is providing almost real-time threat detection and sharing its findings across the private sector on an automated process. Johnson commented:
“In 2014, the NCCIC identified 265 instances of the Heartbleed vulnerability across dozens of government departments and reduced that to just two in a three-week period.”
Over 97,000 incidents were reported to the NCCIC last year alone, and warnings were issued across the alliance. Members have received further initiatives to share threat indicators, with US President Obama presenting plans for legislation to protect organisations from criminal and civil liability.
Johnson wants to see this alliance become stronger in addressing vulnerabilities, and plans to expand the network in 2015 to allow the automated delivery of incoming digital threat indicators from the private sector.
The NCCIC is intending to share indications of imminent and present threats with a trial group of companies, with plans to add others in future.
Cyber attacks come from all across the globe and are not discerning about the nations they target. This indiscriminate approach is difficult to defend without global collaboration, and Johnson recognises the need for a multi-national alliance.
Meeting with the minister of public security and the minister of cyber space administration of the People’s Republic of China this year, Johnson acknowledged the importance for these two super economies to forge a future together in a global cyber defence policy.
The DHS, like the UK government, has recognised that, because the private sector can pay more, it attracts more of the talented and skilled security professionals. In order to benefit further, the US government has established an exchange programme with leading players in the technology sector.