Cloud Security Alliance establishes threat sharing scheme
Collaboration between vendors and businesses is a crucial part of ensuring attack reports are up-to-the-minute and provide specific information about threats.
To aid this, the US-based Cloud Security Alliance (CSA) is proposing to set up a scheme that will enable organisations to anonymously report data breaches, so that others can take steps to avoid becoming victims of similar attacks.
The CSA has set out its proposals in a new white paper ‘The Mandate for Meaningful Cyber Incident Sharing for the Cloud’.
In the white paper, CSA says, “A major impediment to protecting information assets in an enterprise is the unwillingness and/or inability to share cyber security incident information.
“Fear of public exposure and resulting legal ramifications has caused organisations to withhold critical attack signatures that could have impeded or even prevented several of the industry’s most notable breaches.”
It adds: “Enterprises and cloud providers […] all have a distinct need to understand the types of incidents that peers and technology partners are experiencing, so that they can better protect themselves and their customers.
“For cloud providers, which play a unique and central role in the IT infrastructure, the challenge is especially acute given the potential widespread implications of a successful attack.”
CSA provides a telling example: immediately after the now-notorious attack on Target, 18 other companies were attacked using the same methods.
The CSA says this happened so quickly because cyber criminals, unlike enterprises, have very effective information-sharing networks.
“Once an exploit is shown to be effective, or a zero-day vulnerability discovered, it is often quickly disseminated via a number of underground channels and rapidly used by a variety of bad actors against a large number of potential targets,” the CSA says.
To enable the anonymous sharing of information, and swift action based on the intelligence provided, the CSA is proposing the development of a Cloud Cyber Incident Sharing Centre (CISC).
“Once an incident report is shared, the Cloud-CISC platform’s unique algorithms provide near-real-time correlation with reports supplied by other vetted members.
“If similarities are discovered, members can be alerted and provided with the related reports that contain additional attack indicators, valuable context and mitigation advice,” says CSA.
It has set out a four-stage process aimed at bringing this vision to reality:
- Establish a small steering committee (8-10 people) with representation from both cloud providers and cloud customers.
- Provision steering committee members to access the Cloud-CISC platform, giving each the ability to transmit and access incident reports.
- Over a 90-day period, evaluate the Cloud-CISC platform and make recommendations for improvements and modifications.
- Develop a charter and standard operating procedure for the CISC following the conclusion of the 90-day evaluation period.
Vic Cinc, Axelera CEO, says, “If such a scheme could be developed and implemented, with adequate safeguards, it would give a huge boost to the cloud computing industry’s defences against cyber criminals.”