Page 6 - Cyber Warnings
sources and methods that typically cause material information to be classified and largely outside of
access to industry and other stakeholders… is critical.
To be clear, industry is interested in detecting, preventing, and mitigating cyber attacks.
Government is often also interested in investigating and identifying perpetrators, which causes a lot
of information to be classified… often over-classified. The “need to know” culture across
government must be replaced by “need to share” in order to provide critical information to those
that actually make risk management decisions regularly and need access to timely and actionable
intelligence that can inform those decisions. As in physical security, it is not possible to protect
everything all of the time. The same is true in cybersecurity. Therefore, access to actionable threat
intelligence is an important arrow in the quiver of security and resilience.
One way to accomplish improvement in this effort would be to immediately follow through on the
establishment and commitment to the concept of a Joint Threat Intelligence Engagement Working
Group that is populated by industry leadership and subject matter experts from across the critical
infrastructure sectors such as energy, communications, financial services, and
information technology, to name a few, working collaboratively with leaders and subject matter
experts from the Department of Homeland Security, the FBI, and others across the intelligence
community.
This group would be convened regularly and as needed to develop, review, and produce products
such as Joint Intelligence Bulletins and Threat Activity Reports with actionable information to be
shared across the stakeholder community in a regular and sustained manner. This type of
coordinated effort is an important component to making informed cyber risk management decisions
and taking affirmative steps to interrupt, disrupt, or prevent malicious cyber activity. Such a
collaborative initiative was proposed by the Partnership for Critical Infrastructure Security (PCIS) in
2012 and initially embraced by the Department of Homeland Security, although follow-up by DHS
and implementation of this important approach has lingered for more than three years.
Committing and then following through on producing a National Cyber Incident Response Plan
(NCIRP) that provides a predictable and sustainable strategic approach and set of dynamic
operational playbooks that articulate roles and responsibilities for government, industry, and other
stakeholders during various thresholds of escalation for a cyber event with national or even global
consequences, is an essential requirement that regrettably does not exist today.
In 2008, a talented and dedicated group of knowledgeable and experienced public and private sector
subject matter experts embarked on an effort to create a first-ever NCIRP. That coordinated and
collaborative effort produced a draft strategic blueprint that outlined the framework for an effective
approach to incident response in the event that the nation should be confronted with a cyber event
of national consequence. In 2009 that draft document was forwarded to the White House for review
and approval. Following an interagency government review process, the document has remained in
a draft interim status since 2010.
Building on the good work of that collaborative approach, it is way past time to move forward with
publishing a National Cyber Incident Response Plan and the accompanying operational plans that
describe various roles and responsibilities, procedures and protocols that are predictable and
6 Cyber Warnings E-Magazine – January 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide