Threat Intelligence Sharing: A Public Good

By Scott Simkin

Scott Simkin is a Sr. Threat Intelligence Manager at Palo Alto Networks. He has broad experience across threat research, cloud-based security solutions, and advanced anti-malware products. Prior to joining Palo Alto Networks, Scott spent 5 years at Cisco, where he led the creation of the 2013 Annual Security Report amongst other activities in network security and enterprise mobility.

Threat intelligence sharing has a complex history within the security industry. The premise is simple: cybercriminals often launch attacks with similar components, use the same tactics, or even reuse the same malware or exploits over and over again. If every organization shared intelligence on the attacks being launched against it, we could develop protections that essentially de-fang the adversary, taking away their ability to do harm on a very large scale. Adversaries would then be required to craft custom attack tools for each operation, increasing the time and cost it takes them to breach organizations. This is a shared, common good, which benefits both public and private entities. For instance, we have seen many examples of malware originally developed to compromise nation-state targets trickle down to other adversaries. Their victims could have benefited from advance knowledge of these threats.

The benefits can be immense, but there have been challenges to embracing threat intelligence sharing on a wide scale:
