There seems to be an increasing call for the government to share more information with the private sector when it comes to cyber threats. In particular, when it comes to situations where a foreign nation may be involved, private sector security experts have been venting their frustration that the government is slow to pass them “secrets” that might help them respond more effectively to a particular threat or intrusion.
I find this amusing.
Corporations spend a lot of money and dedicate a lot of time to avoid government tendrils (funneling profits to off-shore subsidiaries in tax-free havens) or to influence those in political power to pass laws that reduce governmental intrusions and burdens. That stiff-arm approach goes away suddenly when assets are at risk. I guess this is a natural reaction – who doesn’t want the best of both worlds and for everything to go in their favor – but let me leave something unpleasant in the punch bowl for the “save me Uncle Sam” crowd.
The government is never going to share secrets with you. The people who you are dealing with when it comes to “cyber” issues are the most secretive of the nation’s secret-keepers. Nothing they would share with you would contain any value once it went through a declassification process.
The government does not have anything online that you don’t. That is to say, the government buys PCs and operating systems from many of the same vendors you do. They use TCP/IP just like everyone else. They connect to the same Internet as everyone else. A tactic that is effective against your under-patched Windows 7 box is going to be just as effective against the same box at the Department of Such-and-Such.
The “adversary” who wants information from a government agency does not want information from your widget company. To be more precise: whoever is breaking into your company is interested in widgets; whoever is breaking into the Department of Defense is interested in not-widgets. Certain technical aspects of both attacks may be the same, but once they land the goals are different. Even if you had unfettered access to secret government intrusion data it may be of absolutely no use to you.
If you are looking for other people to compare notes with, look to your peers. Everyone else in the American widget-making business is a target for the foreign adversary who is interested in making better, cheaper widgets. Peer companies in your respective industries are your most valuable source of “cyber intelligence.” The logs your peers have collected are not secret. They are the most valuable technical information available because if they’re a victim, you will be soon (and vice versa).
You lose nothing by cooperating on cyber security with those who would otherwise be your competitors in the marketplace. You all have a vested interest in not enabling a foreign competitor to gain such an advantage over any of you so as to drive you all out of business. The government, on the other hand, doesn’t care if you (specifically) stay in business or not (or have you not looked at unemployment numbers in the past few years?). If it’s something of true national import the government will find a way to get you involved in the fight, but until then, stop waiting for a handout.