Blog Articles

​Speed is Essential to Threat Intelligence Sharing

When one government agency is alerted of a cyber threat, the first response is typically to solve the problem. Tracking the hacker may seem the next logical step, but the role of communication to other agencies should be a priority. Cyber threat intelligence is a cornerstone in containing a threat before it infiltrates other agencies. NC4 understands the importance of cyber threat intelligence and the efficient dissemination of secure information by offering NC4 Mission Center to government organizations and businesses.

Cyber Threat Intelligence | Speed is Essential to Threat Intelligence Sharing

Malware, computer viruses, cyber threats, and cyber-attacks abound as hackers become more sophisticated and millions of people share data via cellular phones and tablets. When a threat occurs in a major organization, such as a bank or health care system, the threat can escalate from an isolated incident to a major occurrence. The speed of threat intelligence sharing could mean the difference between a localized security breach and a nationwide cyber-attack.

The sharing of sensitive data is not without its challenges, however. Because the chain of technology between organizations contains many human links to clear data, the amount of time it takes for cyber-threat information to be disseminated increases. But, this human verification is absolutely vital for analysis and interpretation, and parallels the speed advantage of a completely automated notification system. While the current automated notification system is a boon for disseminating information for national-to-national correspondence or statewide corroboration, the links among local, state, and national entities are not as straightforward. Most agencies have a dedicated form of communication to openly and privately discuss cyber threats, but the hardware and platforms they utilize are not identical, leaving communication gaps that must be bridged before data can be shared.

The typical command chain of a cybersecurity threat would involve a local or state law enforcement agency contacting the Federal Bureau of Investigations or the Department of Homeland Security. Either of these federal agencies would share the information with the organizations it believes would benefit from the knowledge, from law enforcement to the private or business sector.

The federal government utilizes the Trusted Automated eXchange of Indicator Information (TAXII) and Structured Threat Information eXpression (STIX) specifications to exchange threat intelligence information with other federal agencies. These specifications have not fully trickled down to state and local levels, which could impact an expedient response. The National Cyber Investigative Joint Task Force (NCIJTF) is working with individual law enforcement officers from states nationwide to rectify this situation with a fellowship program. A state or local law enforcement official trains at NCIJTF for six months to act as a liaison between his or her agency after the half-year of training ends.

Bridging the gap among all levels of law enforcement will ensure the speed of dissemination. That bridge includes seamless communication throughout all entities. NC4 proudly works with many public and private sector customers to assist in bridging that gap. Contact NC4 today at (877) 624-4999 to learn how NC4 Mission Center allows your business to collaborate safely and securely on a highly secure web-based platform. Our website contains more information pertaining to risk management, public safety, and information protection.


Back to Security Risks & Intelligence | Back to All Categories