Former cyber czar takes reins of threat information-sharing alliance

Consortium urges vendors, private sector, government to take holistic path to security


Barack Obama’s clarion call for wider sharing of threat intelligence is being heeded by a handful of top cybersecurity vendors.

I was in the audience at Stanford University in 2015 when President Obama signed a milestone executive order urging the corporate sector to dramatically advance the sharing of cyber attack intelligence among themselves and with the federal government.

Then last month, I was covering the giant RSA 2017 cybersecurity conference in San Francisco, when Obama’s longtime cybersecurity czar, J. Michael Daniel, was named as the new president of the rejuvenated Cyber Threat Alliance.

The idea for CTA came about a few years ago when senior executives from Fortinet, McAfee, Palo Alto Networks, and Symantec formed an exchange to share threat intelligence.

But the organization kept a low profile—until recruiting Daniel, and announcing his appointment. CTA also announced the addition of Israeli firewall pioneer Check Point Software and network tools giant Cisco as full-fledged members.

Industry wary of sharing

Keep in mind, the cybersecurity industry is obsessively competitive. Not only do security vendors rigorously cloak the secret sauce in their flagship products, they also tend to be very circumspect about sharing any deep intelligence, lest they give up a marketing advantage.

The result is a duplication of effort, on the part of the good guys, who also forgo the opportunity to put up a more unified defense against the bad guys.

President Obama signed an executive order urging the sharing of cyber threat information between the private sector and the government in February 2015 at Stanford University.

The global cybersecurity community has long recognized the need for higher-level intel sharing among tech security vendors—as well as between the government and the private sector. This was something Obama, with advice from his cybersecurity czar, Daniel, recognized. And it was something Obama championed with his 2015 executive order calling for wider sharing.

Daniel takes skills to nonprofit

So it’s fitting that Daniel now carries that torch into the private sector. Daniel built a 17-year career as an official of the Office of Management and Budget. Then he succeeded the recently deceased Howard Schmidt as special cybersecurity adviser to the president in 2012, leaving that post on Jan. 20, along with several other senior federal cybersecurity officials.


And now Daniel has resurfaced as the head of an organization charged with doing exactly what Obama called for—wider threat intel sharing. Each CTA member has agreed to provide 1,000 unique malware executables per day. Daniel will direct this collection, and oversee the ensuing analysis. He also will recruit new CTA members.

“The whole premise of the CTA is bringing together multiple organizations that collectively see more than any one of them alone,” Daniel said at a news conference at RSA.

Other governments invited to table

Daniel also let it be known that he plans to reach out to various governments. “The long-term goal has got to be to cover as much of the ecosystem as we possibly can,” he said. “That is inevitably going to, down the road, involve how we actually share information back and forth with governments.”

Amnon Bar-Lev, Check Point Software president

I got a chance to sit down with Check Point President Amnon Bar-Lev to discuss CTA and Daniel’s appointment. He gave the example of several CTA members detecting different markers of a major ransomware attack. Each vendor would toss something into the pot. And this should lead to quicker, more thorough responses to everyday threats, Bar-Lev said.

“We see more security activities as a group than anybody else in the world,” Bar-Lev noted. “Check Point has a presence of about 1 million gateways alone, and McAfee has like 50 million seats in the world, and Symantec is even bigger, I believe.”

When CTA is firing on all cylinders, the customers of its member companies will benefit greatly, Bar-Lev contends. “Each and every vendor will take home the right intel that it can use and transform it immediately into a prevention measure.”

For a deeper dive into my discussion with Bar-Lev, listen to the accompanying podcast.
