Cyberalert centers seek more cooperative links
- By William Jackson
- Oct 02, 2002
While establishing methods for sharing information about cyberthreats within critical commercial sectors, the nation's information sharing and analysis centers learned to share data with one another'and occasionally with government as well.
The government still lies outside the formal information-sharing process, but cooperation between the public and private sectors is improving, said Pete Allor, operations director for the IT ISAC.
'Code Red was the turning point,' said Allor, manager of the threat intelligence service of Internet Security Systems Inc. of Atlanta. 'That's the first time we reached out to government, and government reached back.'
The ISACs were created over the past several years'with the government's blessing'as a way for businesses to overcome competitive and antitrust concerns in sharing information about common threats and vulnerabilities. Each group is autonomous and formed with the hope that they also would facilitate cooperation with government agencies.
Allor said development of closer ties with government could be a future step in the ISACs' evolution.
The outbreak of several varieties of the Code Red worm in July of last year spurred increased cooperation among the ISACs and between industry and government. For instance, a joint news conference with industry and government officials, the first of its kind, was held to alert the public to the worm.
The events of Sept. 11 and the NIMDA worm in quick succession spurred development of a formal mechanism for cooperating. The centers from the IT, telecommunications, financial services, oil and gas, electrical utility and ground transportation industries met and created the Inter-ISAC Information Exchange.
'There is no hub-and-spoke configuration' for sharing information, Allor said. 'No ISAC was looking for a super-ISAC.'Out of the loop
Information is exchanged between the organizations on an as-needed basis as new threats or vulnerabilities emerge that could be common to more than one sector. But government agencies are not part of the loop. 'Sometimes we had things we wanted to talk to each other about that we weren't ready to talk with the government about,' Allor said.
That said, information is shared with the government on an informal basis.
'As ops director of the IT ISAC, I talk with the National Infrastructure Protection Center at least once a day,' Allor said. 'We have a good relationship.'
But concerns about confidentiality and liability continue to restrict the private-public exchange of information.
'The biggest problem most companies see is the Freedom of Information Act,' Allor said. The fear that information provided to the government could be released in response to FOIA requests often keeps companies quiet. 'If I feel I'm not protected, I have no incentive to talk,' Allor said.
Bills have been introduced in the House and Senate to shield information about infrastructure threats from FOIA, but critics complain the shield provision could be used by companies to hide information and to forestall prosecution or regulatory oversight.
Allor said he is confident the protection can be defined narrowly enough to satisfy both camps.
The ISACs will meet next month to discuss ways to further their own data sharing and explore ways to improve relations with government.
'We are working on some more functional things,' Allor said. As an example he said the centers want to develop a common Extensible Markup Language format for distributing information within an ISAC, which could be followed by formats for exchanging information between centers.
William Jackson is freelance writer and the author of the CyberEye blog.