Real-time situational awareness is vital to securing global cyber systems and helping to protect national security. A global policy is needed which enables companies to collaborate with governments to leverage innovative technology solutions that combine and leverage disparate datasets to expedite the identification of data patterns and indicators which can be used to identify potential cyber-threats. These technologies collect non-personally identifiable network event data, such as traffic volumes associated with or the presence of malware targeting devices worldwide, correlate that information with the event data of others, and mathematically derive patterns of good and bad network indicators. The data derived is correlated and synthesized in real time, similar to a weather forecast that may take the data from multiple satellites to confirm an otherwise hidden situation, such as “rotation” of a system, to indicate the probability of a tornado and offer guidance. This capability in the cyber world enables not only warnings to humans, but real-time warnings at network speed, enabling the network itself to deflect threats, while simultaneously creating decision models for humans to apply to data in a non-automated fashion. For example, routers at ISPs can have dynamic malicious IP addresses on their access control lists, preventing malicious instructions from reaching a target. Meanwhile, the human decision models may visually portray that the malicious activity is in a certain sector, enabling further study or protection by the designated public and private authorities – this is core to running while under attack, the very basis of cyber network resilience.
Late last month, leaders of the House intelligence committee, Mike Rogers and C.A. “Dutch” Ruppersberger, introduced the “Cyber Intelligence Sharing and Protection Act of 2011.” The bill puts forward necessary policy changes and legal protections that will create meaningful improvements in the area of cybersecurity information sharing; particularly the type of human decisional and automated, network-speed information sharing needed to support real-time situational awareness for both man and machine that can block attacks from reaching targets while producing patterns and pictures that enable human action.
The bipartisan approach laid out in the “Cyber Intelligence Sharing and Protection Act of 2011” is both voluntary and non-regulatory. The legislation is designed to incentivize industry participation by:
- Exempting industry from any experiencing any liabilities as a result of sharing information or failing to act on any data they may obtain.
- Making it easier for companies to obtain threat data from the government by streamlining the clearance process and allowing appropriate industry personnel to be granted the necessary security permissions to access the classified information.
- Making it easier for companies to share information with the government and with other private companies.
McAfee supports the “Cyber Intelligence Sharing and Protection Act of 2011,” and believe that this legislation represents a critical first step in facilitating the human and machine speed sharing of threat and vulnerability information that will help government and private sector entities better protect themselves and their customers. We also commend the committee for adding vital privacy protections into this bill to ensure that enhanced information sharing and a safer cyber experience can be delivered in a way that is consistent with keeping trust with our citizens.