Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

More Cyberthreat Info-Sharing Networks Pop Up

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 16 Apr 2012 00:53:20 -0500 (CDT)
http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news/dti/2012/04/01/DT_04_01_2012_p18-438634.xml

By Angus Batey
London
Aviation Week
April 13, 2012
The Lockheed Martin F-35 program made unwanted headlines in the U.K. last month after The Sunday Times revealed that BAE Systems’ portion of the project had been subject to significant data theft. Sources told the newspaper that the network intrusion began in 2009 and had gone undetected for around 18 months.
Industrial espionage, particularly on military projects, is a hallmark of the Advanced Persistent Threat (APT)—the epidemic of intrusions first detected in the mid-2000s and widely attributed to China. The impact of APT successes, when they are disclosed, highlights a problem almost as troubling as the theft of data itself. Investors and customers may lose confidence in a company that declares a significant data breach, yet it is only by sharing information about such breaches that long and complex supply chains can be protected.
To a surprising degree, informal information-sharing networks are sprouting up around the western defense industry to disseminate cyberattack data in near-real time, across borders and even between competing businesses. Whether by email threads, telephone conversations, physical meetings or other means, individuals are alerting one another to new threat vectors and sharing intelligence on system-penetration attempts.
“Information-sharing is there, but it’s not being done in public forums,” says Don Smith, technology director of Dell SecureWorks. “It is fairly effective, but it’s just not visibly effective if you’re not part of the community that’s sharing the information. That parallels what goes on in the mainstream security world, where organizations that you might normally view as competitors are furiously sharing information behind the scenes about the capabilities and tactics of the adversary.” 

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org
Previous By Date Next
Previous By Thread Next

Current thread: