By Christy Coffey, head of cyber security at TM Forum
The “greatest threat to markets and governments around the world is cyber security”, the Depository Trust & Clearing Corp, which processes US stock trades, said in a Bloomberg article this week.
Indeed, there is growing global interest in creating community-based threat awareness amongst the public and private sectors to potentially disrupt future cyber-attacks. In July, the UK government partnered with nine companies, including BT, to share cyber threat information; similar partnerships across Europe and beyond are not far behind.
The UK government is taking the right steps because defending against cyber threats will be more effective if we have a better way to share threat information across industries, vendors and providers.
According to Clive Reeves, CISO at Telstra: “Collaboration is a key to developing and delivering effective responses - the collective industry reach and input is far greater than that which can be achieved by organisations operating as information islands.”
To date, however, experts such as Brian Rexroad, Internet Activity Security Analyst at AT&T, point out that there has been only limited effort to standardise and implement means to automate sharing of threat information.
To help jump-start cyber threat intelligence sharing, TM Forum has assembled a team of security subject matter experts from Orange, the UK government’s Defence Science and Technology Laboratory, AT&T, Telstra and Bell Canada, along with vendors Cyber Squared, EMC/RSA, Symantec, Microsoft, Edge Technologies and cVidya.
In May, members of this team applied a combination of COTS products, standards-based interfaces and a threat intelligence sharing architecture to develop an end-to-end solution for sharing threat intelligence to mitigate cyber-attacks, aka “The Cyber Neighborhood Watch.”
Phase two of the project, scheduled for delivery in October at TM Forum’s Digital Disruption 2013 in San Jose, California, will expand the scope of threats shared – likely APT, mobile malware, and DDoS – harden interfaces, add dashboards for visualization, and show how responses to newly shared threat intelligence can be automated.
However, sharing threat intelligence is only the first step in fighting cyber-attacks. It is also important to continually assess and act on threat intelligence. As a result, the team is working on a second project, “Dashboarding Cyber Security Readiness,” which identifies and defines dashboard metrics that effectively communicate cyber awareness, such as active threat information, compliance and network readiness, and incident management. The project combines this information into a single view so that C-level executives can take immediate action in critical situations.
Bell Canada and TOA Technologies are leading this project with the help of Birmingham College and Brunel University in London, and The MITRE Corporation, among others.
Telecommunications is considered national critical infrastructure, and while the majority of TM Forum members contributing to these important efforts are communications-based, the problems we are addressing are industry agnostic.
Cyber threats are occurring in every industry in every corner of the world every day, and all stakeholders have an opportunity to learn from and adopt this important work.