The modern day interconnected business creates a number of opportunities, but also brings with it massive issues relating to breach of privacy and data security in the form of cyber attacks, which cost companies and taxpayers billions of dollars each year. Over the years, Congress has passed a number of cyber security regulations that are industry specific (e.g. the Gramm-Leach-Bliley Act, the Health Insurance Portability and Accountability Act, and the Fair Credit Reporting Act); however it has not been able to curb the ever increasing number of cyber attacks on businesses in the US. There is an ongoing debate about whether interconnectivity and information sharing which stimulates cyber attacks, can also be used as a prevention tool — almost like a vaccine.
The National Institute of Standards and Technology (“NIST”) has recently come out with its draft guidelines on Cyber Threat Information Sharing and has recommended various steps that organizations and businesses can take to avert cyber attacks by adopting defensive cyber-operations and incident response activities and introducing effective information sharing practices. NIST has invited public comments in response to its draft guidelines, which are due by November 28, 2014.
Some of these recommended tools include:
- Inventory listing of the cyber security information currently used and the information the organization is capable of producing.
- Formal exchange of threat intelligence, tools and techniques with partners.
- Open standard data formats and transport protocols.
- Augmentation of local data collection, analysis and management functions using information from external sources.
- Adaptive cybersecurity that addresses the full cyber attack life cycle.
- Continuous and ongoing information sharing in the community.
- Ongoing awareness of information security, vulnerabilities and threats regarding sensitive information.
- Clear roles and responsibilities within the organization regarding the cyber security plan.
A complete copy of the draft guidelines is available here.