President Joe Biden recently issued an Executive Order (EO) to modernize the nation’s cybersecurity efforts. At Cyware, we are proud to align closely with some of the directives established within the EO and with the future of cybersecurity.
The EO rightly stresses the critical need to remove the barriers that impede information sharing across all public and private sectors [reference: Sec. 2. Removing Barriers to Sharing Threat Information]. Given the rising number of sophisticated attacks, including those exploiting supply chain routes or targeting critical infrastructure assets, it is crucial that government agencies and contractors collaborate to put forward a collective defense against potential threat actors and attack vectors.
An effective way of doing this would be to create a collective defense network that facilitates automated information sharing between all stakeholders, including DHS-CISA, US-CERT, all federal agencies, and private enterprises through their respective information sharing communities (ISACs and ISAOs), associations, and other industry groups. Such a trusted sharing network would cover all critical infrastructure entities, the majority of which are privately controlled in the United States but need to collaborate and share information with their public partners in real time to stay protected against advanced threat actors.
Cyware’s vision of a global collective defense network aligns closely with the new Presidential EO. Cyware’s platforms are currently being used by multiple Critical Infrastructure sector information sharing groups (ISACs/ISAOs) and National CERTs globally and give them the capability to:
- Share cyber threat intelligence with their members in a bi-directional manner
- Be ready to share threat intelligence with each other in a cross-sectoral trusted environment
Cyware’s platforms empower its customers to fully automate the entire threat intelligence lifecycle, the lack of which has emerged as a major reason behind low-volume or poor-quality threat intelligence sharing. Bidirectional sharing and automated confidence scoring capabilities in Cyware’s platforms enable organizations to promote contextual and actionable threat intelligence sharing that supports faster detection and response.
The Executive Order also talks about creating a standard playbook for responding to cyber incidents [reference: Sec. 6. Standardizing the Federal Government’s Playbook for Responding to Cybersecurity Vulnerabilities and Incidents]. A mature and capable incident response strategy is critical for any organization to defend itself against attacks successfully. If your organization were to experience an attack similar to the Colonial Pipeline ransomware attack, would you be prepared to respond? Presently, federal entities differ in their incident response strategies and maturity, making it difficult to achieve a consistently satisfactory level of response across all of them.
Cyware’s virtual cyber fusion center effectively solves this challenge by allowing disparate security teams within organizations to collaborate using a common platform while integrating both strategic and technical threat intelligence with security orchestration, automation, and response (SOAR) to drive effective and faster decision making. Our virtual cyber fusion platform facilitates collaboration within an organization’s siloed security teams, furthering their collective defense capabilities in the truest sense. As organizations leverage the virtual fusion center platform, they can:
- Foster effective collaboration between their siloed security teams;
- Connect the dots between different threat elements to deduce contextual intelligence;
- Respond to all threat types including malware, vulnerabilities, threat actors, and not just incidents;
- Scale their incident management program and improve overall security maturity;
- Automate the entire threat intelligence lifecycle including ingestion, normalization, enrichment, analysis, and sharing;
- Deduce high confidence actionable threat intelligence in a bidirectional trusted information sharing environment;
- Automate intel-driven incident response workflows by leveraging cross-environment (cloud to on-premise) and cross-functional (Security-to-IT-to-DevOps-to-Human) orchestration;
- Standardize their incident response strategies and playbooks through advanced automation and orchestration, without losing the element of human judgment.
To summarize, the new EO clarifies that information sharing is the way forward towards safeguarding against threats and being resilient against attacks that can impact day-to-day life. Cyware’s vision and capabilities are in full alignment with the goals outlined in the EO and have already laid a strong foundation for what it would take to bring stakeholders together and establish a collective defense against adversaries. Cyware welcomes the EO and invites discussions and inquiries from all the stakeholders on how Cyware’s platforms can help them achieve the goals outlined in the EO.