What’s the saying, “If you can’t beat ‘em, join ‘em.”? Sure. Something like that. Doesn’t really work in the world of cybersecurity, though. Staying ahead of the curve does. I guess you can say Target “took one for the team” in December 2013. Otherwise, the giant steps taken may still be only a concept.
Calls for some type of information sharing highway in the retail industry were triggered by Target’s historic breach. 110 million compromised records. Something had to be done. Ask and you shall receive. The Retail Cyber Information Sharing Center (R-CISA) was created months later, and went online about one year ago. This digital platform allows retail companies to share threat intel with each other, as well as with The Department of Homeland Security, U.S. Secret Service and the FBI.
Timeline of Target’s breach from Inside International Business Times
Sharing with friends
What stands a better chance of stopping cybercriminals at the firewall? One soldier or an army? Sharing toys with friends is always better, unless you’re a toddler. Good thing we’re among grown-ups. So, after seeing early success with its intel-sharing portal, where more than 100 member retailers joined, that platform’s leaders elected to adopt the financial industry’s same-but-different version – a portal used by banks – to share cyber threats between the two consumer-linked sectors. The portal used by banks is called the Financial Services Intelligence Sharing and Analysis Center (FS-ISAC).
SecureState, a Cleveland-based management-consulting information security firm, has dozen of client companies in both the retail and financial industries. “Whenever we can get the best of breed from across both or multiple industries, that’s a great thing,” admitted Matt Franko. Franko is a Senior Associate Management Consultant at SecureState, with a background expertise in retail and government protocol. He’s convinced sharing cyber threat information across industry platforms could lead to many more industries working together.
“The more information we have, the more we can understand, the better we can all be prepared,” Franko added.
Knowing is really half the battle, no? We know now that not sharing critical intelligence is bad. According to the final 9/11 Commission Report, the FBI and CIA failing to share intel on terrorism threats all throughout the 1990s played a huge role in the September 11, 2001 attacks.
A ‘Cyber 9/11’?
It’s been said a major cyber terrorism attack could be the next 9/11, cutting off electricity, drinking water, mass transportation and possibly GPS systems, rendering nearly everything we need and count on to survive each day, useless for an undetermined amount of time. Outgoing Homeland Security Secretary Janet Napolitano warned of such a threat nearly four years ago, indeed calling it a possible ‘Cyber 9/11’.
Was that just a mere “scare” flare, fired off to get more taxpayer funding for DHS? As it turns out, no. The threat is seemingly real, according to just about every government agency sworn to protect American citizens. Already in the first months of 2015, our elected leaders are taking steps – in some cases on their own – to deter would-be cyberattacks.
President Barack Obama issued an Executive Order allowing himself and the U.S. government to slap foreign hackers with sanctions – including freezing assets – if a perceived threat was deemed high-level enough.
A cybersecurity bill was halted by Congress in 2012, after massive push-back from business and privacy groups, as well as Democrats and Republicans not being on the same page. Capitol Hill is once again trying to play nice, slowly moving a new, information sharing bill (CISA) through several committees in both the House and Senate. Let’s hope this time they can all get along and share.
