Information Sharing: There’s No Way It’s Not Going There

Posted by Jeff Pelliccio on Dec 31, 2018 9:00:00 AM

In ICS insights, hiring trends, Job Trends, IT, client

Security information should not be isolated in silos. This is especially true in the early stages of malware attacks. With this in mind, President Obama signed into law measures for Improving Critical Infrastructure Cybersecurity to create public and private information sharing opportunities. Early results lacked context. 

Analysts were left scratching their heads over what amounted to correlated data without any analysis on how to act on it. Then, somebody came up with a solution.


EINSTEIN 3 Accelerated is a DHS information sharing program from the intelligence community that's tasked with protecting critical infrastructure in the U.S. In a three-part process:

  • EINSTEIN 1 analyzes the flow records of the network
  • EINSTEIN 2 flags suspected cyber threats using high-tech, proprietary Intrusion Detection Systems (IDS) technology
  • EINSTEIN 3 has accelerated monitors picking up Internet traffic headed for or coming from civilian Executive Branch departments in the authoritative .gov domain.

Promoting Private Sector Cybersecurity Data

This is another Obama measure that extended the program reach into the private sector. Developers of the system wondered why people were reluctant to use the system that was designed to protect them. The private sector was hesitant to put email traffic into a government-monitored system.  Trust issues arose. 

Financial Services are a critical part of the U.S. infrastructure and information sharing that has been attempted within FS-ISAC) but the initiation ultimately failed. The problem is that there's plenty of data there, but none of it's yet useful for analysis.  Currently, data gets dumped and integrated into the database, but very few people have figured out what to do with it. In any case, as long as it's viewed as a compliance exercise, the data are likely to remain fallow.

A new center was founded and named the Financial Systemic Analysis & Resilience Center (FSARC). The center tries to solve the problems that FS ISAC couldn't handle. (ISAC was a strategic initiative able to conduct deep analyses for cyber risk detection, used in financial products.) This could enable the financial industry to self-regulate rather than rely on government monitoring.

Next Steps in Information Sharing Cybersecurity

One upcoming initiative that has been launched under the auspices of the DHS involves a coalition of banks working to develop a research project for better collaboration within the financial industry. Experts are working to build on this framework. The U.S. government is able to communicate with the system via security operation centers. 

Banks are left to their own devices for security and are able to maintain greater privacy for clients. Generally, the banking systems don't communicate. Systems like ISACS were designed with information sharing in mind. When combined, data from the various banks became an enormous spreadsheet of data that didn't address the threat. 

What Needed to Change?

For the experts, this was challenging to watch, as the real threats weren't being addressed. A new approach was needed to make the Einstein methodology work better than in the past. Analysts were needed to find Advanced Persistent Threats (APTs) hidden within all that data. These new resources were able to add functionality to make the data more meaningful from a threat detection standpoint. This culminated in a viable way to sift through billions of records and draw meaningful conclusions about who could pose a cybersecurity threat

A New Cybersecurity Company Is Born 

In 2016, a new company formed to use this platform, King & Union. The firm demonstrates the benefits gained by sharing public or private information that has been predigested by smart applications.

Avalon is King & Union's main product, and it provides a secure way to collaborate and share information. Avalon can pull data into a single workspace to allow investigators to efficiently analyze all the pertinent points of data they need in an investigation. The collaboration is available for a select group of trusted partners. It can be aggregated within the organization taking the lead or shared with various partners looking into suspicious events, activities or people. 

Free Spyware

It's not clear who has access to a free version of Avalon. However, the trial version is reputable, uses proprietary data, and lets authorities interact with the threat analysis. Some of the features cybersecurity teams love in the information sharing tools that include the creation of teams, with trusted members only allowed. Collaborators can chat with the workspace, as well as perform up to 100 searches every day. Further activity is deemed a threat. The paid version has custom exports of data, intelligence indicators and unlimited search capability.

Avalon will need to collect IP addresses, SSL certificates and other info of interest to catch hackers. Each new data point runs through the software to join tons of data that are already available. This lets investigators a visual model whereas a manual one takes hours.

So, this is where cybersecurity is going in the future. In an effort to protect individual and company from cyber attacks, information sharing of the same data is required on a large scale. This irony certainly doesn't escape the reasoning of the system's creators but is considered a necessary sacrifice. 

Are you ready to take the next steps in information sharing? The very next step would be to partner with ICS to find your perfect team of talented professionals. Click below to get started!

Find Talent NOW