Speaking to ComputerWire last week, former White House cyber security advisor Howard Schmidt said that the Strategy called upon the private sector to address certain security issues, and that the industry is starting to self-organize.

“You’ll see coalitions and associations forming,” Schmidt said. “There are some specific things going on right now.” No further details were forthcoming, but vulnerability information sharing is believed to be a target issue.

Schmidt, who was involved in the Strategy until his resignation in April, was hired by eBay Inc as VP of security, and has just joined the board of Qualys Inc, a vulnerability detection services firm. Qualys will announce his appointment today.

The Strategy, published in February, concluded that in general, the private sector is best equipped and structured to respond to an evolving cyber threat and called on the Department of Homeland Security to coordinate public-private cooperation.

As a result of the document, the DHS last week created a National Cyber Security Division to track threats, and manage the government’s interaction and partnership with industry and other organizations.

According to Pete Allor, director of operations for the IT Information Sharing and Analysis Center (IT ISAC), which acts as a clearinghouse for vulnerability information, any industry movement is in its formative stages.

Allor, who manages Internet Security Systems Inc’s X-Force threat intelligence services, said that informal talks have moved beyond idle discussion. He identified the lack of a party to step forward and organize things as a sticking point.

“Deciding on an operational model is very key,” he said. “Somebody’s going to have to put up resources.” There is also the issue of which companies in which specific areas of technology are initially involved in any coalitions.

Currently, different areas of IT security have different relationships in place. Anti-virus vendors have informal agreements to share virus data in a timely manner, but other types of vulnerability information come from a wide variety of sources.

As security threats become more blended – taking on characteristics of previously discrete problems – it will become more important for security companies and end users to have access to information and fixes before the hackers do.

Currently, the IT ISAC acts as a neutral clearinghouse for information security threat data. Hosted by ISS, the system scrubs data of identifiable information and allows members to access it to help protect their own assets.

Source: Computerwire