Over the past six years, TruSTAR has built partnerships with multiple information-sharing organizations to enable the exchange of suspicious event data between their respective members. Last month, we brought these organizations together for a summit to exchange lessons learned and to begin a dialogue about how we could all work better together. The day was a terrific success with leadership from Choo Kim Isgitt, our CRO and champion of sharing organizations, as well as our partners’ active participation.
Richard Clarke, the U.S’ first cyber czar, and Mark Montgomery, the former Executive Director of the Congressionally-founded Solarium Commission, set the stage with a virtual fireside chat about the commission’s findings associated with information sharing. Richard and Mark both zeroed in on the need for seamless collaboration.
From there, five themes emerged over the day:
First, sharing organizations are not a monolith. Each has its challenges and priorities based on membership needs. Each organization has specific use cases ranging from TAG’s exchange of data about malware in advertising to the LA CyberLab’s connecting businesses, citizens, and government. Use cases are identified and nurtured over time. Organizations are sector-based such as the IT-ISAC or RH-ISAC, regionally-based such as Covail, or the North East Ohio Cyber Consortium, or a mixture of both sector and region-based, such as the Texas Bankers Association.
Second, information exchange is facilitated by removing technical barriers. Given the different capabilities of sharing group members, a suite of capabilities is required, ranging from data ingest through email, Slack, or API to automated redaction to protect proprietary information or personally identifiable information. API usage has accelerated, given the ability of members to automatically send and tap shared data and bring it directly into their security tools.
Third, creativity counts. Organizations like the RH-ISAC announced a sharing and collaboration challenge. All members are automatically enrolled, tracking member participation and contributions across several categories. The competitive spirit drives engagement and participation, and the playing field is leveled by segregating companies into four tiers based on the company’s infosec team size. At the end of each four-month segment, RH-ISAC awards trophies and prizes to individuals and member companies.
Fourth, organizations are looking forward to building stronger relationships with Federal agencies, including law enforcement. Organizations respect the progress that DHS’s Cybersecurity and Infrastructure Security Agency (CISA) has made over the past several years and hope for a closer relationship going forward, including CISA insights on member-shared data.
Fifth, organizations expressed a desire to work together, including beginning to share information around select use cases of mutual interest between organizations.
Special thanks to all of the organizations that participated through their presentations, comments, or questions, including the IT-ISAC, RH-ISAC, CompTIA, Trustworthy Accountability Group, Covail, NEOCC, Texas Bankers Association, SportsISAO, LA CyberLab, CalCISO, CloudCISC, Charter of Trust, and NCU-ISAO. We hope to deepen our partnerships by continuing these conversations in the future.