Increased access and sharing is generally considered a good thing, not least in cyber security. It becomes a liability, though, when an unauthorized user gains access to confidential information.
To address that problem, some are fighting fire with fire, or more specifically using sharing as a defensive weapon: widening access to information about cyber attacks so that organizations are alerted to current threats. That is the premise of a new cyber security law and of IBM Corp. (NYSE: IBM) X-Force Exchange.
On December 18, 2015, President Obama signed the 2,000-plus-page omnibus budget bill, which amounted to $1.8 trillion in a combination of government spending and tax breaks. Among the items packed into this gargantuan package is the Cybersecurity Act of 2015, whose core title is the Cybersecurity Information Sharing Act (CISA). Set to stay in effect until September 30, 2025, it is a bill that will keep on giving for a decade. But not all regard it as a gift.
The bill had some vociferous opposition, most notably from the group Fight for the Future. As late as December 16, the organization was appealing for a veto of the bill. Its campaign director, Evan Greer, declared that the bill is "a disingenuous attempt to quietly expand the U.S. government's surveillance programs, and it will inevitably lead to law enforcement agencies using the data they collect from companies through this program to investigate, prosecute, and incarcerate more people, deepening injustices in our society while failing to improve security."
The part of the bill that critics are most uncomfortable with is the permission it grants network operators to monitor their networks. That is the first of three components Orin Kerr, Research Professor at The George Washington University Law School, identifies in his analysis of the bill under the heading "Authorizations for Preventing, Detecting, Analyzing, and Mitigating Cybersecurity Threats." He sums them up as: "First, network operators can monitor; second, they can operate defensive measures; and third, they can share information with others."
The third component, information sharing, rests on the logic that forewarned is forearmed. The idea is that publishing details of the latest cyber threats in real (or very near real) time gives other organizations a heads-up so they can take preventive action before the same attack reaches them. The same assumption underlies IBM X-Force Exchange (XFE), a cloud-based platform for accessing information about cyber threats.
XFE works on the same principle as the alerts drivers see in the Waze app. Instead of warnings about potholes, speed traps, or accidents on the road, XFE offers visualized data on malicious IP addresses, URLs and vulnerabilities around the globe. Though it was designed for people in the network security space, anyone can obtain an IBM ID to log on to the site and access the information on the SaaS platform.
The information comes from a variety of sources, as XFE's FAQ explains: IBM's internal infrastructure and databases, augmented with open source content and third-party partnerships. From that data it derives, for each IP address, a risk score, location, categorization, historical content and DNS information.
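What acting on a feed of this kind looks like in practice, as an added example that is not IBM's code and does not use X-Force Exchange's real API or JSON schema: the feed records and firewall log lines below are constructed for this example, and their field names (score, country, cats, dns) are an assumed shape chosen to mirror the data the article lists. The script matches each accepted connection against the feed, letting a more specific host entry override a covering network range, and raises an alert when the destination's risk score crosses a threshold. A live integration would fetch the same kind of record from XFE with an API key instead of the inline sample.

```python
"""Match firewall connections against a shared threat-intelligence feed.

Added example; not IBM code and not XFE's actual response format. The feed
records and log lines are constructed, and the field names are an assumed
shape that mirrors the data the article describes. Runs fully offline.
"""
from __future__ import annotations

import ipaddress
import json
import re
from dataclasses import dataclass

# Constructed feed (assumed shape, not XFE's real schema).
SAMPLE_FEED = json.dumps([
    {"ip": "203.0.113.0/24", "score": 9.1, "country": "XX",
     "cats": {"Spam": 71, "Scanning IP": 43}, "dns": ["mx.bad.test"]},
    {"ip": "203.0.113.200", "score": 1.0, "country": "XX",
     "cats": {}, "dns": ["cdn.benign.test"]},  # host override inside the /24
    {"ip": "198.51.100.7", "score": 4.0, "country": "YY",
     "cats": {"Dynamic IPs": 12}, "dns": []},
    {"ip": "192.0.2.9", "score": 1.0, "country": "ZZ", "cats": {}, "dns": []},
])

# Constructed firewall log lines; the format is an assumption for this example.
SAMPLE_LOG = """\
2015-12-20T10:00:01Z fw01 ACCEPT src=10.0.0.5 dst=203.0.113.42 dport=25
2015-12-20T10:00:02Z fw01 ACCEPT src=10.0.0.8 dst=198.51.100.7 dport=443
2015-12-20T10:00:03Z fw01 ACCEPT src=10.0.0.9 dst=192.0.2.9 dport=80
2015-12-20T10:00:04Z fw01 ACCEPT src=10.0.0.5 dst=203.0.113.200 dport=443
2015-12-20T10:00:05Z fw01 DROP src=10.0.0.5 dst=203.0.113.99 dport=445
this line is malformed and must be skipped rather than crash the parser
"""

LOG_RE = re.compile(
    r"^(?P<time>\S+) (?P<host>\S+) (?P<action>ACCEPT|DROP) "
    r"src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+)$"
)


@dataclass
class Indicator:
    network: ipaddress.IPv4Network | ipaddress.IPv6Network
    score: float
    country: str
    categories: dict[str, int]
    dns: list[str]


def load_feed(raw: str) -> list[Indicator]:
    """Parse feed JSON; a bare address becomes a /32 (or /128) network."""
    return [
        Indicator(
            network=ipaddress.ip_network(rec["ip"], strict=False),
            score=float(rec["score"]),
            country=rec.get("country", ""),
            categories=dict(rec.get("cats", {})),
            dns=list(rec.get("dns", [])),
        )
        for rec in json.loads(raw)
    ]


def parse_log(text: str) -> list[dict]:
    """One dict per well-formed log line; malformed lines are dropped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def lookup(ip: str, indicators: list[Indicator]) -> Indicator | None:
    """Most specific feed entry covering ip (longest prefix wins), else None."""
    addr = ipaddress.ip_address(ip)
    hits = [i for i in indicators if addr in i.network]
    return max(hits, key=lambda i: i.network.prefixlen) if hits else None


def flag_connections(log_text: str, feed_json: str,
                     threshold: float = 5.0) -> list[dict]:
    """Alert on ACCEPTed connections whose destination scores >= threshold.

    DROPped connections are skipped: the firewall already blocked them, so
    there is nothing left to prevent.
    """
    indicators = load_feed(feed_json)
    alerts = []
    for e in parse_log(log_text):
        if e["action"] != "ACCEPT":
            continue
        ind = lookup(e["dst"], indicators)
        if ind is None or ind.score < threshold:
            continue
        cats = ind.categories
        alerts.append({
            "time": e["time"], "src": e["src"], "dst": e["dst"],
            "dport": int(e["dport"]), "score": ind.score,
            "matched": str(ind.network), "country": ind.country,
            # Feeds often carry no category, the same gap the report shows.
            "category": max(cats, key=cats.get) if cats else "undisclosed",
        })
    return alerts


if __name__ == "__main__":
    for a in flag_connections(SAMPLE_LOG, SAMPLE_FEED):
        print(f"{a['time']} {a['src']} -> {a['dst']}:{a['dport']} "
              f"score={a['score']} via {a['matched']} ({a['category']})")
```

With the constructed data, only the connection to 203.0.113.42 is flagged: it falls in the /24 scored 9.1, while 203.0.113.200 sits in the same range but has its own low-scored host entry, 198.51.100.7 sits below the threshold, and the 203.0.113.99 connection was already dropped. The threshold is the operational knob; lowering it to 3.0 also surfaces the 198.51.100.7 connection.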
In addition to the real-time reports, IBM compiles reports on trends and shifts over the course of a year, as it did for 2014 in its IBM X-Force Threat Intelligence Quarterly, 1Q 2015.
Among the report's findings was that the overwhelming majority of recorded cyber attacks, a whopping 70.5% of them, occurred in the US. Second on the list was the UK with a mere 3.4%. The report offers some context for the huge discrepancy. One factor is that the US is home to "more high-profile websites" than most other countries. The other is what gets reported: given stricter "disclosure laws" in the US than abroad, a breach there is far more likely to become public.
The report also reveals the primary targets by industry. In 2014 computer services was far in the lead of attacked industries at 28.7%. Retail came in second at 13%, and government third at 10.7%. One thing the report lacks, though, is specificity on the types of attacks: the largest segment of the pie chart, 40.2%, is labeled "undisclosed." That is followed by malware and DDoS with 17.2% apiece.
When all the numbers are in for 2015, it will be fascinating to compare these results to see which areas have become more secure and which more vulnerable. We may also have more data to get beyond nearly half of attacks eluding specific identification. Certainly, greater participation in information sharing should bring some clarity to that question. But will that insight translate into better security? What do you think?
— Ariella Brown, Freelance Contributor, special to The New IP