It is imperative for Federal agencies to effectively utilize threat intelligence combined with the power and agility of the cloud to better defend their networks. But today, agencies lack adequate situational awareness to give their IT and security teams clarity about what is going on in their networked environments. So, what’s holding them back?
Federal agencies are working to move beyond siloed systems that cannot share data with one another, but the reality is that this scenario still hampers agencies from achieving true situational awareness.
To move forward, the best way for agencies to achieve optimal situational awareness is by collecting and analyzing threat intelligence. To that end, agencies need threat intelligence platforms that can aggregate internal and external threat data and intelligence from multiple sources and pull the information into one space for correlation.
Moreover, the threat intelligence platform must be collaborative, allowing IT, threat analysis, and incident response personnel to work together as dynamic teams that can respond to a constantly changing threat environment, according to Adam Vincent, CEO of ThreatConnect, a provider of a threat intelligence platform used by government agencies and large businesses.
“Agencies have different [threat intelligence] capabilities based on their mission and resources,” said Michael Valivullah, the chief technology officer at the Department of Agriculture’s National Agricultural Statistics Service. For instance, the intelligence and security communities (CIA, National Security Agency, and Department of Homeland Security) are farther ahead than other civilian agencies.
“Threat intelligence combined with the power and agility of the cloud can help agencies achieve better situational awareness if it is done in a secure and reliable fashion,” Valivullah noted.
“Right now, the cloud’s role as an aggregator is limited, but I expect this to grow as inter-cloud communication becomes interoperable, robust, and secure,” he said.
To be effective, threat intelligence platforms must be able to leverage the power of cloud computing, like the way business intelligence allows online businesses to scale up to meet demand during peak seasons such as Christmas, and scale down after sales or certain events are over, according to Vincent.
“The cloud allows you to leverage knowledge to change the way you are supporting a particular process,” Vincent said. “If the threat intelligence says that a certain type of attacker is going to use a particular type of attack, it is conceivable that the combination of knowledge plus the dynamic and flexible capabilities of a cloud computing environment can be used to change the infrastructure of the business in advance of that attack.”
But leveraging the cloud can be a double-edged sword for agencies, Vincent noted. For one, private, public, and even hybrid clouds can increase the cyber-attack surface dramatically for agencies. It is therefore important for agencies to deploy threat intelligence platforms that can draw on the power and agility of the cloud in a secure manner, as Valivullah noted.
The Federal government recognizes the need for organizations across government to have access to the latest threat intelligence information. The Cyber Threat Intelligence Integration Center (CTIIC) within the Office of the Director of National Intelligence provides integrated all-source analysis of intelligence related to foreign cyber threats or incidents affecting U.S. national interests. Additionally, CTIIC supports Federal cyber centers by providing access to the intelligence necessary to carry out their respective missions and oversees the development and implementation of intelligence sharing capabilities to enhance shared situational awareness.
Meanwhile, the National Institute of Standards and Technology (NIST) published Special Publication (SP) 800-150, Guide to Cyber-Threat Information Sharing, to assist organizations in establishing and participating in cyber-threat information sharing relationships. “The publication describes the benefits and challenges of sharing, clarifies the importance of trust, and introduces specific data handling considerations,” according to NIST.