Ezine

This article can also be found in the Premium Editorial Download "Information Security magazine: How security pros can benefit from information sharing."

Download it now to read this article plus other related content.

TIPS: Trading Success

    Requires Free Membership to View

Security managers have long known the benefits of sharing event information and collaborating on security problems. What's impeded them is the fear that disclosure would compromise their security and tarnish their company's reputation. Ernie Hayden and Kirk Bailey recommend the following to facilitate the building of trusted collaboration relationships.

Leverage Connections. When building trusted networks of friends and colleagues, look first to your Rolodex. Ask your friends for referrals of good, trustworthy and knowledgeable people to talk with and ask for introductions.

Think Locally. Just because you can communicate with someone via e-mail in China doesn't mean you have to. Being able to meet with someone for lunch and call in the same time zone is more advantageous than trying to manage far-flung acquaintances.

Be Honest. Sharing information only works if you're honest with your partners. Telling half-truths and redacting details hinders the exchange.

Avoid Bureaucracies. Too much formalization and organization will hamper information sharing and collaboration. Keep relationships simple and informal; the more comfortable people are, the more willing they are to share information.

Don't be an Alarmist. You're partners are counting on you to provide them with timely, accurate and actionable intelligence. Don't diminish their confidence in you by constantly warning of disasters and threats. Likewise, don't overburden your friends and partners with trivial questions and problems. Use your network wisely.

Breaking a Cloistered Culture
Cooperation in infosecurity is notable for its rarity. Consultant Ted Demopoulos recently asked 60 security professionals whether they or the hacker community was better at information sharing. "There was just laughter," he says.

The digital underground is a meritocracy; hackers rate themselves on their technical prowess and their capers' success. This means they must be open with information about their tools, targets and methodologies. In contrast, security professionals usually only share what most everyone already knows, not their actual experiences. But, keeping mum means missing out on useful intelligence and potential help.

"There are way more antagonists and players out there than there are keepers of the gate on our side," says Peter Garlock, CIO of the Port of Seattle and Hayden's boss, who likes the cooperation between his organization and the city. If CISOs can discuss problems safely, they can leverage all that experience--at no cost.

Hayden and Bailey have developed a mutual trust, which some security pros just don't get. "When we started raising the specter of CISO-to-CISO conversation, people gave us the look of 'What a concept' and 'What a brilliant idea,' but they didn't want to do that," Hayden says.

The ground Hayden and Bailey tread is perilous; they know they risk the possibility of having their problems appear instantly in a blog or in tomorrow's newspaper. Equally powerful is the fear of appearing vulnerable and weak. That's why building trust is critical. Time is the key ingredient.

The two infosecurity pros met years ago when Hayden was security director for a software company and Bailey, already CISO for Seattle, was running a vulnerability assessment exercise for the city. Over the years, they kept in touch and became friends. When Hayden became the Port of Seattle's first infosecurity chief, they couldn't have asked for better collaboration conditions. Not only did they know and trust each other, but the city and the port are inseparable business partners.

And Hayden and Bailey aren't just sharing their experiences, but also their contacts. If they don't know the answer to a problem, they can call upon their network of peers and acquaintances. "We use each other's black book," says Bailey. "This was a hyperjump to a whole new level of trust."

It's not unheard of for security professionals to consult colleagues and friends. Where their relationship differs is in the extension of trust. If Bailey can rely on what a given contact says, for example, Hayden can as well. The two also act as liaisons to their respective peer networks. If someone has relevant information--such as a warning of an attack or discovery of a new vulnerability--the news bubbles up in one of their networks. Hayden and Bailey share it, so it reaches the other's contacts. Because all the affiliations are informal, there is no bureaucracy to control how information travels. As a result, Hayden and Bailey say, intelligence is quickly communicated.

"The current cybersecurity practice has siloed reporting, where attacks are cross-jurisdictional," Bailey says. But industries and enterprises, regardless of their vertical category, are bound together. A problem in the electrical or telecommunications infrastructure ripples into problems for manufacturing and municipal operations. Hayden and Bailey argue that any truly effective cooperation must break down the walls between industries, even those between government and the private sector.

This was first published in January 2005

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: