McAfee is advocating the use of global cyber attack information sharing to thwart mounting threats to critical infrastructure and the U.S. economy.
Dr. Phyllis Schneck, Chief Technology Officer for McAfee, testified before the Homeland Security Subcommittee on Cybersecurity, Infrastructure Protection and Security Technologies last week about the need for the private sector to better share global attack intelligence in order to protect both public and private networks.
The vast majority of the nation's critical infrastructure and government systems are administered by the private sector, but many companies are reluctant to share information about attacks for fear of regulatory sanctions and negatively affecting stockholder confidence.
Dr. Schneck singled out two particularly devastating cyber attacks that are thought to have resulted in the loss of billions of dollars of intellectual property and trade secrets, Operation Aurora and Night Dragon.
Dr. Schneck offered recommendations to the committee on how to bolster security for the nation's critical infrastructure:
- The cyber security challenge faced by our country is a serious matter that requires an evolution in the way in which both the public and private sectors collaborate. Leading information technology companies and their customers are uniquely positioned to act as early warning systems that can identify and help address cyber security attacks as a real-time cyber immune system. But only the government can implement the complex set of organizational and policy responses necessary to enable data analysis and distribution across the private sector to counter the growing cyber security threat.
- Private companies need protected ways to share their big picture research findings with the government without loss of trust or creation of material events for stockholders, so that the most significant cyber security information is expeditiously actionable. This is the human component of what Global Threat Intelligence does at machine speed. We need both in order to defeat cyber adversaries, whose aim is to harm our way of life.
- Broad-based situational awareness is vital to securing our global cyber systems and ensuring our national security. Policies that enable companies and governments to work together, using global threat intelligence (e.g. combining cyber, energy, finance and other data) to enhance correlation and predictive capabilities are critical to real-time responsiveness within the network switching/routing fabric should be pursued.