Since the President’s State of the Union address and February’s Executive Order on Cyber Security there’s been a lot of talk in the data protection business about the importance of information sharing. Truth be told, the industry has been talking for a lot longer than the past month about the pivotal role that transparency and a common standards play in securing our networks, data, and business operations. Despite the overall agreement that information sharing is crucial to robust cyber security, there was always a lack of momentum to move beyond conversation into action.
In a recent column in Security Magazine CrowdStrike’s Steven Chabinsky outlines the way in which he would approach creating a viable information sharing syntax and the ways in which it could at least mitigate, if not prevent attacks. Starting with the recent Executive on Cyber Security which begins:
“In order to address cyber threats to public health and safety, national security, and economic security of the United States, private companies, nonprofit organizations, executive departments and agencies…must be able to share information related to cybersecurity risks and incidents and collaborate to respond in as close to real time as possible.”
Chabinsky wonders just how a Cyber Security Information Sharing Classification System would differ from the current Classification System and if they could and should co-exist side-by-side? To find out where Steve ended up on this debate, hop on over to Security Magazine to read his whole column.