Cyber-threat information sharing cooperative: Need of the hour

In a competitive corporate world, mostly driven by commercial interests, no stakeholder alone can sustainably identify and address all the cyber threats of the fast‐changing digital landscape. A cooperative becomes the need of the hour to improve the overall collective cyber-resilience of the digital ecosystem.

By Ranjan Pal and Bodhibrata Nag
Published: Sep 14, 2022 10:34:08 AM IST
Updated: Sep 14, 2022 10:40:47 AM IST

Intelligence sharing between cybersecurity stakeholders is perhaps the most salient challenge they have struggled to resolve together. If resolved, it would significantly improve cybersecurity overnight. The scale and complexity of the challenge are such that organisations will need to understand the cyber-risks caused by threats in minute detail to minimise the trillion-dollar annual losses that cyber-breaches induce in the Fourth Industrial Revolution.

In a competitive corporate world, mostly driven by commercial interests, no stakeholder alone can and/or will sustainably identify and address all the cyber threats of the fast‐changing digital landscape. Catalysed by strict regulations, a foundational cyber-threat sharing ‘cooperative’ among cybersecurity stakeholders that ensures trusted, secure, and scalable cyber information sharing is the need of the hour. The concept of the sharing ‘cooperative’ will enable competitive enterprises to cooperate on detecting and deterring threat actors, subsequently improving their cyber-defence capabilities while at the same time improving the overall collective cyber-resilience of the digital ecosystem.

However, there is no standard approach to forming this ‘cooperative’, as its form is determined by factors specific to business sectors and by the effectiveness of the cyber-governance applicable to those sectors. Nonetheless, according to the World Economic Forum (WEF), the typical cyber-threat-related information that needs to be gathered is:

  • the anomalous activity we are seeing,
  • the time-space coordinates of where a certain cyber-threat is seen,
  • the system weaknesses a cyber-threat exploits,
  • the potential cyber-threat actors for a given threat,
  • the possible cyber-threats that may accompany any network system and their rationale points,
  • the modus operandi of a cyber-threat, and
  • possible threat-mitigation approaches.

One must note that trust and privacy-induced jurisdictional and cross-sector collaboration barriers will remain in any ‘cooperative’ ecosystem. These must be addressed to increase the effectiveness of information sharing and promote greater cyber-resilience. In terms of existing information-sharing ‘cooperative’ models, progress has been made in the last decade through the formation of multiple ISACs, such as:

  1. Financial Services Information Sharing and Analysis Center (FS-ISAC),
  2. Cyber Threat Alliance (CTA),
  3. Computer Incident Response Center for Civil Society (CiviCERT),
  4. Mining and Metals Information Sharing and Analysis Center (MM-ISAC),
  5. Telecommunication Information Sharing and Analysis Center (T-ISAC),
  6. European Police Office (Europol),
  7. National Cyber Forensics and Training Alliance (NCFTA), and
  8. Microsoft Digital Crimes Unit.

However, the volume of information collected leaves a lot to be desired. To this end, we first state five barriers to collecting more information.

(1) Jurisdictional barrier - There are obvious jurisdictional and cross-sector collaboration barriers.

(2) Trust barrier - There is a lack of trust between key players at operational and governmental levels. Specifically, while geopolitics-driven cyber-fragmentation hampers cooperation and affects public‐sector enthusiasm for data exchange programmes, the private sector often opts out of sharing cyber-threat information with governments for fear of the regulatory impact relating to privacy rights and their violations. In addition, there is the fear of giving private-sector competitors an edge as a result of media reporting about the sharing of sensitive consumer data.

(3) Negligence barrier - The well-documented C-suite ‘negligence’ (or behavioural bias) in not investing enough in cybersecurity resources for long-term benefits has affected threat intelligence, a sub-discipline of the cybersecurity skills market.

(4) Geographical barrier - The geographical variations in the strengths of laws regarding the violation of human privacy rights (aided by lack of guidance tools) make cross-border sharing of cyber-threat information complicated. In addition, many governments around the world mandate that the data of their citizens should not leave geographic boundaries—this can frustrate or forbid the fluid sharing of cyber-threat information.

(5) Incentive barrier - There are hardly any positive tangible incentives (e.g. insurance incentives and protective benefits) for organisations to share cyber-threat information. They are most concerned about reputational damage and/or legal exposure for revealing the particular attacks they experienced.

To address the above-mentioned barriers, a radical technology-driven information-sharing paradigm rooted in modern AI and privacy-enhancing technologies (PETs) is the need of the hour. These state-of-the-art technologies will accelerate our collective ability to overcome many of the current barriers and better ensure our collective resilience. Organisations with sufficient amounts of labelled cyber-threat data can train reliable and noise-robust ML models. AI tools such as state-of-the-art Natural Language Processing (NLP) can clean up previously unstructured data for sharing and analysis. After this step come reliable learning algorithms rooted in deep learning that can reach remarkable accuracy levels on learning tasks. Clean data and reliable ML algorithms significantly boost cyber-governance effectiveness. The research field of interpretable AI, which aims to design models that produce both outputs and explanations for those outputs, can help organisations and legislative bodies understand and explain the rationale of any automated decision‐making for full accountability and audit.

PETs (taking the form of encrypted computation and differential privacy) can improve the effectiveness of cyber-threat information sharing by enabling data sharing that adheres to mathematically guaranteed privacy preservation. PETs are great technical tools for managing data-driven corporate cyber-risks in a future information-sharing age. They will help managers deploy safeguards that prevent tampering with, and unwanted access to, sensitive/private portions of shared data. On a regulatory level, PETs could be used to identify potential data and investigative opportunities in different public and private organisations and jurisdictions with high levels of assurance and integrity without sharing the data directly.

Ranjan Pal (Massachusetts Institute of Technology, Sloan School of Management)

Bodhibrata Nag (Indian Institute of Management Calcutta)

[This article has been published with permission from IIM Calcutta. www.iimcal.ac.in Views expressed are personal.]
