Background

business-discussions-2males-laptop-2

Threat information is the lifeblood of cyber defense. McAfee supports robust, real-time information sharing of threat data to help protect citizens and organizations from cyberattacks. McAfee has an extensive background in sharing cyber threat information as founding members of the Cyber Threat Alliance and the No More Ransom project. We actively share threat information through our products and our industry and governmental partnerships. We believe Together is Power.

Cybersecurity is a shared problem, and information sharing is critical to solving it. Most organizations don’t have cybersecurity as their primary mission, thus putting the onus on vendors and the private and public sectors to contribute to and use trusted, shared intelligence that will ultimately augment and enhance our collective security defenses.

McAfee supports the sharing of threat data, which we believe is the lifeblood of cyber defense. Yet information sharing needs to go beyond humans sharing information with each other. Sharing threat information should be an integral part of an adaptive, responsive network defense that does not require humans in every part of the loop. Every aspect of the network should be able to defend itself with information that is timely, actionable, responsive, and shared at wire speeds. The implementation of cyber threat sharing standards allows us to improve our security defenses at a more manageable cost to the operational landscape. By using standard interfaces for both data and services, we help reduce costs while providing a foundation for innovative, advanced tools and data analysis development to take place.

Importance to McAfee

We believe that sharing threat information is one of the best ways to defeat cyber threats, and we have an extensive background in sharing cyber threat information. We actively share McAfee and others’ threat information through our products and our partnerships. We are members of key industry and governmental groups and activities that support information sharing. These include the IT Sector Coordinating Council, a public-private partnership run by the U.S. Department of Homeland Security (DHS). We are members of the Defense Industrial Base, an information sharing program with the U.S. Department of Defense.

We are a founding member of the Cyber Threat Alliance, a group of cybersecurity companies that collaborate on sharing cyber threat information to improve defenses against advanced cyber adversaries across member organizations and their customers.

We are a founding member of the No More Ransom project. Working with global law enforcement and cybersecurity companies, we assist victims of ransomware by finding and providing decryption keys.

We are leading and participating in various industry standards and guidance development efforts to improve the sharing of threat information. Examples include the ISAO Standards Organization, OASIS CTI, NTIA, and FIRST efforts. We have also opened (open-sourced) our Data Exchange Layer communications fabric to the public to allow tools in a network to communicate rapidly and effectively with each other. Information sharing is an essential part of what we do and who we are.

Key points

  • It is impossible for a single organization to have a clear view of all the potential threats, vulnerabilities, and attacks across the globally connected environment. By acquiring and sharing cyber threat information with other trusted organizations, we get a better understanding of the actual threat landscape that we can apply to the benefit of our customers.
  • Cyber threats are not just a U.S. problem but a global epidemic, and as such, what we and industry efforts develop should be equally useful. Products, processes, and guidance must be applicable globally.
  • Sharing cyber threat information should use an outcomes-based approach as a mechanism to achieve specific security objectives.
  • McAfee believes information sharing between government and the private sector should be voluntary and mutually beneficial. To foster public-private information sharing, government should partner with industry to reduce legal and policy barriers that can impede information sharing.
  • McAfee believes developing threat sharing standards will benefit and advance the evolving cyber threat intelligence sharing and analysis ecosystem while providing a foundation for innovation. The establishment of and use of standards, procedures, and practices will allow for more interoperability between differing types of sharing organizations.
  • McAfee is actively participating and providing leadership in various cyber threat information sharing initiatives for our customers and global community.

Policy recommendations

  • McAfee encourages the U.S. government to seek innovative ways to further grow the information sharing ecosystem.
  • McAfee believes that U.S. government efforts such as the DHS Automated Indicator Sharing (AIS) capability are useful but do not go far enough. There is a real need to be able to move beyond simple indicators supplied via AIS and provide a means to allow enrichment of the shared information. The government should double down on working with the private sector to further evolve the way cyber threat information is represented, enriched, and distributed in a timely fashion. Doing so will help create a high-functioning ecosystem of information sharing that enables the public and private sectors to compete with global networks of sophisticated hackers.
  • McAfee recognizes the disincentive that threat intelligence’s “free rider” problem has imposed on public and private sector information sharing. Every organization benefits from consuming threat intelligence but gains no direct value from providing it unless the right organizational structure and incentives are put in place to eliminate the free rider problem. We encourage the government and industry sharing groups to try to address this situation either through additional incentives or instituting minimal sharing requirements for participation.
  • Few companies are actively sharing threat information with the government and among themselves. This restricts the realization of our goal: a high-functioning ecosystem of information sharing that enables the public and private sectors to compete with global networks of sophisticated, malicious actors. Policymakers should consider establishing tax credits that would incentivize businesses of all sizes to join information sharing and analysis organizations, such as ISACs or ISAOs, by providing refundable tax credits for costs associated with joining the appropriate sharing organizations.
  • McAfee encourages federal agencies to declassify larger categories of threat data and actively share them with the private sector. DHS should issue many more security clearances to qualified company representatives to enable access to the most sensitive, and potentially most valuable, pieces or classes of threat data.
  • McAfee encourages the U.S. government to push for a common operating architecture designed to improve the context of analysis, shorten workflows of the threat defense lifecycle, reduce complexities across security products and vendors, and increase the value of previously deployed applications.