Threat information is the lifeblood of cyberdefense. McAfee supports robust, real-time information sharing of threat data to help protect citizens and organizations from cyberattacks. McAfee has an extensive background in sharing cyberthreat information as founding members of the Cyber Threat Alliance and the No More Ransom project. We actively share threat information through our products and our industry and governmental partnerships. We believe Together is Power.
Cybersecurity is a shared problem, and information sharing is critical to solving it. Most organizations don’t have cybersecurity as their primary mission, thus putting the onus on vendors and the private and public sectors to contribute to and use trusted, shared intelligence that will ultimately augment and enhance our collective security defenses.
McAfee supports the sharing of threat data, which we believe is the lifeblood of cyberdefense. Yet information sharing needs to go beyond humans sharing information with each other. Sharing threat information should be an integral part of an adaptive, responsive network defense that does not require humans in every part of the loop. Every aspect of the network should be able to defend itself with information that is timely, actionable, responsive, and shared at wire speeds. The implementation of cyberthreat sharing standards allows us to improve our security defenses at a more manageable cost to the operational landscape. By using standard interfaces for both data and services, we help reduce costs while providing a foundation for innovative, advanced tools and data analysis development to take place.
Importance to McAfee
We believe that sharing threat information is one of the best ways to defeat cyberthreats, and we have an extensive background in sharing cyberthreat information. We actively share McAfee and others’ threat information through our products and our partnerships. We are members of key industry and governmental groups and activities that support information sharing. These include the IT Sector Coordinating Council, a public-private partnership run by the US Department of Homeland Security (DHS). We are members of the Defense Industrial Base, an information sharing program with the US Department of Defense.
We are a founding member of the Cyber Threat Alliance, a group of cybersecurity companies that collaborate on sharing cyberthreat information to improve defenses against advanced cyberadversaries across member organizations and their customers.
We are a founding member of the No More Ransom project. Working with global law enforcement and cybersecurity companies, we assist victims of ransomware by finding and providing decryption keys.
We are leading and participating in various industry standards and guidance development efforts to improve the sharing of threat information. Examples include the ISAO Standards Organization, OASIS CTI, NTIA, and FIRST efforts. We have also opened (open-sourced) our Data Exchange Layer communications fabric to the public to allow tools in a network to communicate rapidly and effectively with each other. Information sharing is an essential part of what we do and who we are.
- It is impossible for a single organization to have a clear view of all the potential threats, vulnerabilities, and attacks across the globally connected environment. By acquiring and sharing cyberthreat information with other trusted organizations, we get a better understanding of the actual threat landscape that we can apply to the benefit of our customers.
- Cyberthreats are not just a US problem but a global epidemic, and as such, what we and industry efforts develop should be equally useful. Products, processes, and guidance must be applicable globally.
- Sharing cyberthreat information should use an outcomes-based approach as a mechanism to achieve specific security objectives.
- McAfee believes information sharing between government and the private sector should be voluntary and mutually beneficial. To foster public-private information sharing, government should partner with industry to reduce legal and policy barriers that can impede information sharing.
- McAfee believes developing threat sharing standards will benefit and advance the evolving cyberthreat intelligence sharing and analysis ecosystem while providing a foundation for innovation. The establishment of and use of standards, procedures, and practices will allow for more interoperability between differing types of sharing organizations.
- McAfee is actively participating and providing leadership in various cyberthreat information sharing initiatives for our customers and global community.
- McAfee encourages the US government to seek innovative ways to further grow the information sharing ecosystem.
- McAfee believes that US government efforts such as the DHS Automated Indicator Sharing (AIS) capability are useful but do not go far enough. There is a real need to be able to move beyond simple indicators supplied via AIS and provide a means to allow enrichment of the shared information. The government should double down on working with the private sector to further evolve the way cyberthreat information is represented, enriched, and distributed in a timely fashion. Doing so will help create a high-functioning ecosystem of information sharing that enables the public and private sectors to compete with global networks of sophisticated hackers.
- McAfee recognizes the disincentive that threat intelligence’s “free rider” problem has imposed on public and private sector information sharing. Every organization benefits from consuming threat intelligence but gains no direct value from providing it unless the right organizational structure and incentives are put in place to eliminate the free rider problem. We encourage the government and industry sharing groups to try to address this situation either through additional incentives or instituting minimal sharing requirements for participation.
- Few companies are actively sharing threat information with the government and among themselves. This restricts the realization of our goal: a high-functioning ecosystem of information sharing that enables the public and private sectors to compete with global networks of sophisticated, malicious actors. Policymakers should consider establishing tax credits that would incentivize businesses of all sizes to join information sharing and analysis organizations, such as ISACs or ISAOs, by providing refundable tax credits for costs associated with joining the appropriate sharing organizations.
- McAfee encourages federal agencies to declassify larger categories of threat data and actively share them with the private sector. DHS should issue many more security clearances to qualified company representatives to enable access to the most sensitive, and potentially most valuable, pieces or classes of threat data.
- McAfee encourages the US government to push for a common operating architecture designed to improve the context of analysis, shorten workflows of the threat defense lifecycle, reduce complexities across security products and vendors, and increase the value of previously deployed applications.