Intel, Palo Alto Networks, and Cisco are founding members of the cyber security organization
While one administration seems to crumble before our very eyes, the vestiges of the previous leadership in D.C. are moving on, and one former White House official is taking a leading role in shaping a conversation the new president will have to address soon.
Michael Daniel, recently the Special Assistant to the President and Cybersecurity Coordinator for the White House, will take up the mantle as the inaugural president of the Cyber Threat Alliance, a consortium of companies looking to shape public discourse on the topic.
The CTA, which is not a new organization, made the announcement to coincide with the 2017 RSA Conference in San Francisco. It was founded in 2014 as a way to share threat intelligence between organizations about such concerns as botnets, indicators of compromise (IoCs), advanced malware, and mobile threats. They describe their mission as “to raise the industry’s collective, actionable intelligence and situational awareness about sophisticated cyberthreats to improve defenses for its respective customer organizations.”
They claim successful collaborations like cracking the code behind ransomware family CryptoWall version 3 and eventually undermining version 4. The announcement also included Cisco and Check Point Software Technologies declaration that they will join the founding membership of the CTA, teaming up with Intel Security, Palo Alto Networks, Symantec, and Fortinet.
“The CTA lets us better take the fight to the bad guys for the common good of the internet,” Marty Roesch, chief architect at Cisco Security, explained in the announcement. “Working together, we complete the bigger picture of what we know about important attacks giving us better protections against both large, global attackers and even more discrete, targeted threats. The CTA is a win for the good guys and a setback for attackers.”
Now they are formally incorporating with a formal platform to share information in “near real-time” that pools information into “adversary playbooks” to reference how certain cyberattackers operate. Membership requires the automation of intelligence sharing between organizations and to deliver a minimum amount of new information every day.
“We believe there is power in working together, as people, as products and as an industry. For the last three years, we have worked shoulder-to-shoulder with our Cyber Threat Alliance founding Members to share threat intelligence, build context around advanced threats, and provide our customers the benefits of our collective knowledge,” Intel Security Group SVP and GM Chris Young commented. “This ongoing effort will help Intel Security customers build defenses that understand and counter complex attacks more quickly and effectively, throughout all stages of the threat defense lifecycle.”
IntSights, Rapid7 and RSA will join Eleven Paths and ReversingLabs as “affiliate members.” It is unclear what responsibilities fall on associate members.
Symantec’s CEO Greg Clark was direct in his comments on the incorporation of the organization and what the industry needs to do to stay ahead of new attacks in the near future.
“Our greatest weapon in the defense against cyber attackers is the vast power of our combined data and insights. Possessing one of the world’s largest pools of threat data carries significant responsibility, and the CTA provides us with an important coordinating mechanism to enable rapid sharing of that threat intelligence with global businesses.”
Beltway insider on ‘the cyber’
This particular appointment comes as an auspicious time for cyber security, especially when it involves the White House, with threats getting more media attention than usual following apparent Russian hacking of Democratic Party emails during the US presidential election last year that were allegedly released in order to give Donald Trump an edge over his opponent Hillary Clinton. That episode followed the highly volatile political issue of a private email server Hillary Clinton used during her time as Secretary of State.
Now a veteran of the Obama White House will head a consortium which will no doubt want to influence the public conversation on cyber threats to the United States government, infrastructure, and large enterprises.
As recently as late January, Daniel was commenting on policy issues connected to cyber threats. In an interview with Nextgov, he even flatly disagreed with Trump’s arguments during the campaign that the US had no defense against cyber attacks.
“I must say I don’t think that’s a fair representation of where things stand. We do have very robust defenses. [In cases where there are insufficient defenses], we actually know what a lot of those defenses need to be. We know what we need to do, but the challenge is getting people to do it and getting organizations to do it. It’s not a simple technological challenge. It’s an organizational challenge.”
The latter half of his statement alludes to the perceived advantage Daniel will bring to the organization. He is a career policy wonk with extensive experience in the White House budgetary office. His professional background is not in cyber security, let alone any aspect of the tech world. Now with several years of covering the industry under his belt in addition to his Beltway Insider credentials, Daniel seems poised to become an influential foot in the door for cyber security’s thought leaders.
Of course, that access might only go so far in early 2017. He is a former Democratic appointee in an era of a Republican Congress and sort-of Republican White House, occupied by a president who infamously answered a debate question about “the cyber” like this:
“So we had to get very, very tough on cyber and cyber warfare. It is a huge problem. I have a son—he’s 10 years old. He has computers. He is so good with these computers. It’s unbelievable. The security aspect of cyber is very, very tough. And maybe, it’s hardly doable. But I will say, we are not doing the job we should be doing. But that’s true throughout our whole governmental society. We have so many things that we have to do better, Lester. And certainly cyber is one of them.”
Will Daniel have any pull in D.C. right now? It will be interesting to see.