Do you remember the major cybersecurity incidents of 2012-2016? If you can name a half dozen, then you’re well above average. If you can describe the attackers’ organizational structures, the mechanisms of compromise, the data compromised, and the fallout, then you’re in rare company with people like Michael Daniel.
Mr. Daniel served as Cybersecurity Advisor to President Obama during the second term of the administration, and now leads the Cyber Threat Alliance (CTA). He’s the keynote speaker for Fraud Force Chicago. Register for the event to hear him speak, and benefit in these nine other ways.
During his presentation – A 360 Degree Outlook On The Global Security Landscape – Mr. Daniel will share insight distilled from his service during the Obama years, and since refined at the Cyber Threat Alliance.
If you’re like me, and struggle to list six major cybersecurity incidents that occurred between 2012 and 2016, let alone describe them in any detail, then you might benefit from this short primer.
1. Turn competitors into collaborators, somewhat
Fraudsters succeed because – in part – they’re willing to share sensitive information (albeit for a profit). Mr. Daniel has been a strong advocate for information sharing in the name of defense, too.
The private and public sectors shouldn’t have to reinvent the mechanisms and processes for producing and acting on threat intelligence. Cybersecurity firms such as Fortinet, Intel Security, Palo Alto Networks, and Symantec have already done a fine job. That’s where the CTA fits in.
In 2014 those four firms agreed to embark on an experiment. Even though they competed for some of the same contracts and clients, they would share threat intelligence in the name of greater security.
Members upload packages of normalized data that conform to the CTA’s platform. (They anonymize data identifying the parties under observation.) The platform validates each member’s submissions by correlating them with information uploaded by other members. As long as members continue to upload enough information, they’re allowed to download other members’ submissions for ingestion into their respective platforms.
(We at iovation love the underlying principle at work here. On the iovation Intelligence Center our users have shared over 50M confirmed incidents of fraud and abuse. This device intelligence helps all members detect and prevent fraud on known devices, while still defining their own business rules.)
Instead of competing with different, incomplete pools of information, the CTA’s members (16 as of publication) compete on the value they create with those pooled data: better integrating with clients’ tech stacks, or better fitting with clients’ business models. Sharing data makes all of these competitors better at securing their clients.
2. “Cybersecurity is not just a technical problem”
In spite of the technical nature of the domain, Mr. Daniel espouses a holistic risk management approach to cybersecurity. He points out that the challenge encompasses political, economic, psychological and behavioral factors.
For example, Mr. Daniel wrote in the Harvard Business Review: “Sharing information among people at human speed may work in many physical contexts, but it clearly falls short in cyberspace. As long [as] we continue to try to map physical-world models onto cyberspace, they will fall short in some fashion.”
Mr. Daniel has openly acknowledged some challenges to the CTA’s process:
- Persuading members to fit the CTA’s concept into their business models.
- Getting them to consume the available data at a speed that matters and baking it into their products.
We applaud his candor and creative thinking.
3. Look to disaster preparedness for clues
Let’s close with a smart analogy: look to natural disaster preparedness as a model. If an event overwhelms local responders, then surrounding groups and the state can bring extra help. And so on all the way up to the Federal Emergency Management Agency (FEMA).
Mr. Daniel has suggested a similarly fluid approach might be appropriate for cyber threats, but we need to address some important questions first: “How do we do the handoff, and decide whether something is the kind of thing the private sector can and should handle on its own, versus something that calls for feds to help? We don’t yet have the policy language to talk about what that relationship is.”
You can be sure Mr. Daniel and the CTA’s members are working on preliminary answers. Come to Fraud Force Chicago for a preview in greater detail.