This presentation forms part of the CTA's Threat Intelligence Practitioners' Summit
Thursday 29 September 2022, 10:00 - 10:30
Neil Jenkins (Cyber Threat Alliance)
It’s hard to find someone who will argue that cybersecurity professionals should share less information. There are decades-old organizations that exist solely to bring entities together to share information. Technology enables automated information sharing. Frameworks help practitioners communicate tactics and techniques. Legislation eases the liability pressure on those who share. Governments push sensitive data out to the public more regularly. Yet still, one of the first recommendations in any long-term cybersecurity study is some variation of 'increase the scope and scale of cybersecurity information sharing among stakeholders'. Why is it so hard to get information sharing right?
Within the private sector cybersecurity community, the Cyber Threat Alliance (CTA) is an example of an organization where information sharing is working, but we fully admit that we’re not perfect. CTA was established as an informal community of cybersecurity vendors in 2014 and then as a non-profit in 2017 to regularly share indicators of compromise (IOCs), context, analysis, and detailed reports through both automated and human-to-human means. CTA members routinely share more than 10 million IOCs and the associated context per month. Members turn this shared information into protections for their customers and deploy them worldwide in a matter of minutes.
This talk will provide lessons learned from the Cyber Threat Alliance’s experience in sharing information and in taking the next steps to build operational collaboration between our members. We will highlight the key principles that enable sharing, identify what roadblocks still exist, and discuss efforts to build a community of trust between our members.
Neil leads the CTA’s analytic efforts, focusing on the development of threat profiles, adversary playbooks, and other analysis using the threat intelligence in the CTA Platform. Previously, he served in various roles within the Department of Homeland Security, Department of Defense, and Center for Naval Analyses, where he spearheaded numerous initiatives tied to cybersecurity strategy, policy, and operational planning for both the public and private sectors.