NEWPORT, RI—As part of the ongoing Rhode Island Corporate Cybersecurity Initiative (RICCI), the Pell Center recently hosted a panel discussion on “Cyber Information Sharing: Examining a Risk Based Approach to choosing the right information sharing partners and policies.” The event brought together representatives from over 20 different organizations across the state and a world-class group of cyber experts. The panel included Ms. Ellen Giblin, Counsel at Locke Lord and Pell Center Adjunct Fellow; Mr. Don Ulsch, PWC Managing Director, cybercrime and breach response expert, and author of the book Cyber Threat!: How to Manage the Growing Risk of Cyber Attacks; and Mr. Ken Mortensen, PWC Senior Managing Director, cybersecurity and privacy expert, and author of the book Health Care Privacy and Security.
The discussion focused on a complex issue in today’s increasingly sophisticated cyber threat landscape: the ability to establish and maintain effective information sharing partnerships to enhance an organizations’ situational awareness and manage an organizations’ exposure to intrusions and breaches.
Organizations and their boards understand the need to share valuable information on serious cyber incidents and exchange actionable intelligence, but they do not always know how to choose their sharing partners and obtain the proper threat feed. The complexity of this sensitive exchange grows proportionately with group size, and perhaps exponentially when those group members are critical infrastructure industries with specialized security concerns. The panelists noted the key role that information plays for any business, and they encouraged the senior executives in the room to take a risk-based approach to vetting information-sharing partners and acquiring the right threat feed to manage their cybersecurity programs.
As Ms. Giblin stated after the event, “Mr. Mortensen and Mr. Ulsch engaged the audience to examine methods to conduct relevant risk assessments of current incidents and explore secure methods to participate in cyber threat information sharing. By conducting these exercises companies may build their own cyber threat feed responsive to their industry regulation and their customer requirements to prevent or mitigate cyber attacks.”
During the panel discussion, Mr. Ulsch stressed three fundamental aspects of information-sharing: (1) determining whether the source of information is reliable; (2) sorting and analyzing the data collected in a company’s environment (“create intelligence from information”); (3) knowing what to look for. “Even if you can capture a tremendous amount of intelligence but don’t analyze it correctly or chose not to for fiscal or other reasons, and then a breach happens, you will most likely realize that you had indicators of that cyber attack already available in your environment pre-breach but did not recognize or analyzed them properly. And that can have serious liability and regulatory implications if a breach happens and you had important information and didn’t act on it!”
Mr. Mortensen noted that “there are a lot of organizations collecting information and capturing events, but the biggest gap today is not having proper risk assessment processes.” “Once you get passes getting good information,” he added, “the question is how you manage that information.” Risk assessment and risk management, in fact, ought to be part of every discussion about the cybersecurity of any organization. “Getting the right threat feed, thus, involves understanding your environment and how the data needed to understand that environment is analyzed and managed.”
All panelists emphasized the importance of employees’ cybersecurity training and that every member of an organization must have a basic understanding of the threats and vulnerabilities inherent to their company’s environment. “It should be ingrained in the people working in your organization,” Mr. Mortensen said.
Mr. Ulsch summarized the main takeaways from the discussion in his closing remarks: “You are never going to be 100% secure, but you need to first and foremost understand your information, then the top threats and top vulnerabilities in your environment, and finally the processes to secure those information and do what you can with the limited resources you have.”