Social platform for sharing cyberthreat intell goes live
- By William Jackson
- Feb 11, 2014
Internet Identity’s (IID) ActiveTrust platform for sharing cyberthreat intelligence, which has been used for the past year by several dozen federal agencies and other enterprises, is being opened up to general availability.
The commercial offering, which will be available to qualifying customers on a subscription basis, is an effort to leverage the convenience of social networking for information sharing, while using the power of binding contracts to ensure the control of sensitive information.
“The problem we are trying to address is that information is known to a lot of people, but doesn’t get shared for a lot of reasons,” said IID CEO Lars Harvey. “This platform provides users the tools to share as widely as they are comfortable with.”
The need to share more data about threats across enterprise boundaries for effective cybersecurity has long been acknowledged, but the barriers to sharing have been just as evident. Those obstacles are more business and cultural than technical.
“They are worried about liability and about risk,” Harvey said about businesses. “They are worried that somehow it’s going to come back to bite them.” And agencies hesitate to share sensitive or classified information with the private sector.
There have been efforts to enable information sharing between government and the private sector and within the private sector. Under the Defense Industrial Base program the Defense Department supplies information, including threat signatures, to selected contractors in exchange for information gathered from contractors’ systems.
An executive order released last year calls for voluntary information-sharing programs between the private sector and the military and intelligence communities as well as the Homeland Security Department. Information Sharing and Analysis Centers also have been established for specific industrial sectors to provide voluntary forums for sharing. But all of these efforts have had limited success.
“The data is there, but it’s just in a larger silo,” Harvey said. Getting the information out of the silos is difficult because sharing still relies on one-to-one trust relationships that do not scale. “When a group gets too large, people quit sharing.”
Acknowledging that “this is the dynamic that exists,” the goal of the ActiveTrust platform is to expand ad hoc sharing groups as much as possible by letting contributors retain ownership of data and control its dissemination within the community. Members are prescreened and agree to a common set of rules for confidentiality and information use. “It is not just a handshake, but a written document” that can be enforced, Harvey said.
Data shared through the platform is standardized so that it can be analyzed by machines and used by security tools as well as analyzed by humans. Descriptions and metadata allow information to be filtered and cross-referenced, as well as scored for its applicability to members. The ActiveTrust Hub enables secure collaboration between members.
Members can designate who gets access to information shared on the platform and how it is to be used. Ultimately, trust is enforced by a contract rather than through technology, Harvey said.
All ActiveTrust subscribers are vetted by IID before joining the community. Currently the membership consists of large Fortune 500 companies and federal agencies, so vetting is easy. IID expects that subscribers will continue to be large organizations for the foreseeable future. As the membership expands to include smaller organizations, more on-site verification could be required.
Although the goal of ActiveTrust is to expand the community in which threat information is shared, its size will be limited for the time being. Current participants are in the dozens, and the platform is ready to scale up to hundreds, and potentially thousands, Harvey said. “But hundreds is a logical goal for now.”
Harvey said IID has had positive response from current government users of the platform, who say that security has been improved. “We’ve had some wins,” he said. “It is helping to prevent and stop the spread of some things, and they are seeing fewer infections and easier administration.”
William Jackson is a freelance writer and the author of the CyberEye blog.