In April 18, 1775, Boston and a soon to be fledgling nation faced a certain threat against a massive attack surface originating from thousands of miles away via the sea. At the onset of the American Revolutionary War, Paul Revere collaborated with volunteers at Boston’s Old North Church to hang either one or two lanterns on the church steeple. Their code communicated to other communities and organizations – in real-time – the attack-vector British troops were using for their approach. This first example of public-private information sharing is immortalized in the famous line of the Henry Wadsworth Longfellow poem: “One if by land, and two if by sea.”
Then, as now, information sharing is a critical tool in the major threats businesses face. The nature of the cyber threat is different than anything else we’ve ever known or have been able to address in our business and legal systems – so, like Paul Revere, organizations have to think about it differently and craft different solutions. The U.S. Congress is meeting this week to consider a legislative framework for approaching cyber threats. Elected representatives are debating the merits and content of legislation concerning, among many things, information sharing and liability relief. Both of those topics are mission critical in today’s environment to counter threats faced today, and those that will be faced tomorrow.
Real-time actionable cyber threat information sharing between and among private and public sectors is needed to address diverse technology and business objectives. Through effective open and robust information sharing, organizations have a better success rate against the effects of malicious actors. Working together we maximize the reach of our cyber workforce in defending the public and private sectors from an ever changing threat environment.
We need to accept that current advanced protections don’t work. Furthermore, without evolving the security model – they will continue to not work. We know that point products, signature-based defensive approaches, and even traditional strategies are not enough to address the challenge. To overcome the threat posed by adversaries we need real-time information sharing across the public and private sectors. And of course, this data must be consumed, understood and acted on by advanced security teams capable of processing it immediately.
Information sharing, and the pending legislation, should allow the effective dissemination of near real-time actionable information, hopefully machine readable, that can assist new efforts to defeat malicious actors. We need this information – threat intelligence – because the old strategies of protecting the perimeters don’t work. We need visibility, access, and agility to see what the malicious actors are doing in our networks. Yes – they are in our networks. We need to prevent them from succeeding in their ultimate objectives. Information sharing will assist our ability to quickly detect and respond to these malicious actors and Congressional action should support those operational principles.
Today, 240 years after Paul Revere’s midnight ride, society may not be recognizable, but the principles that those American Patriots and Sons of Liberty espoused are visible. The cyber threat highlights one similarity: we, people and organizations around the world, face an existential threat to our way of life that can only be mitigated by a cooperative approach. Private companies, and governments, alone cannot overcome the myriad threats we face – they don’t have the resources or capabilities. Hopefully, current legislative action will help achieve what is needed to preserve and protect the principles fought for so many years ago.
