NEWS

Lack of Trust Thwarts Cybersecurity Information Sharing

By Matthew Harwood

WASHINGTON--Lack of trust is the primary reason cybervulnerability and threat data is not shared within and between the public and private sectors, a panel of government and industry representatives told a homeland security conference today.

"Situational awareness is driven by interpersonal communications, so people find other people that they trust," said Marcus Sachs, vice president for national security policy for Verizon Communications. "If something bad is happening the alert goes out amongst the trusted group. It doesn't necessarily go out through official channels."

The admission came during a panel discussion at the AFCEA Homeland Security Conference held at the Ronald Reagan International Trade Center. The session focused on creating cybersituational awareness, or the ability of stakeholders to share enough information in real time to protect both their networks and the common Internet infrastructure that undergirds society.

There isn’t an easy way to establish that trust, panelists said.

Such relationships aren't perpetuated from the top down, rather they blossom organically, according to private sector panelists.

Moderator Matthew Stern, a senior advisor to the Department of Homeland Security’s US-CERT at General Dynamics, said the cybersecurity community is a small, tightly knit one.

“A lot of us have grown up together,” he said, adding “You trust people you know.”

This often leads to a knowledge imbalance within an organization, where decision makers know less than their subordinates, Sachs said. The problem is exacerbated by the hyperconnectivity provided by social networking tools like Twitter and Facebook. It leads to great situational awareness for a particular group, “but it doesn’t translate up to senior officials who need to make real-time decisions, because they’re just not seeing what everyone else is talking about.”

Stern asked the panelists how can the public and private cybersecurity communities institutionalize trust.

“I don’t think we can ever institutionalize the trust necessary to make situational awareness,” said Aaron Walters, vice president of research and development for Terremark Worldwide.

Comments

View Recent News (by day)

 




Beyond Print

SM Online

See all the latest links and resources that supplement the current issue of Security Management magazine.