Cybersecurity groups pledge to work together

Three groups establish a cyber 'chain of trust'

Three cybersecurity groups want to create a network of organizations and people focused on securing the Internet in an effort to combat malicious software.

The Anti-Spyware Coalition (ASC), the National Cyber Security Alliance and rolled out a new program Tuesday called the Chain of Trust. The Chain of Trust Initiative will attempt to link together security vendors, researchers, government agencies, Internet-based companies, network providers and education groups in a united front against malware.

The U.S. government needs stronger partnerships with the private sector to identify criminals and stop attacks, said Shawn Henry, assistant director of the Cyber Division at the U.S. Federal Bureau of Investigation.

"We have to get intelligence information about the attacks in order for us to go and mediate them," Henry said at an ASC workshop in Washington, D.C.

In addition, the FBI helps private companies by sharing the information it has on attackers or methods, he added. "If we can identify specific signatures, if we can identify new attack vectors the adversaries are using, if we can get that intelligence out to the private sector, there's great value there," he said.

Attacks from three types of organized sources -- foreign intelligence agencies, terrorist sympathizers and organized crime -- are growing rapidly, Henry said. Asked how fast those types of attacks are growing, Henry declined to give solid numbers. "The trend is way up, and it's a steep increase," he added.

The goal of the Chain of Trust program is to create a united approach to fighting malware, said Ari Schwartz, ASC's coordinator and vice president at the Center for Democracy and Technology.

"Strong security in any one organization or sector is not enough to combat an agile, fast-evolving threat like malware, which exploits security breakdowns between entities," Schwartz said. "We all need to work together to build a system that can withstand and repel the next generation of exploits."

ASC, started four years ago, organized the larger Internet community to protest harmful nuisance adware, sometimes supported by legitimate advertising and venture capital groups, Schwartz noted. The united pressure has driven all the major nuisance adware companies out of business, he said.

The pressure made the nuisance adware vendors "have to decide whether to become legitimate players in the marketplace ... or go completely to the dark side and not be able to take that kind of mainstream funding," Schwartz said.

The first effort of the Chain of Trust Initiative will be to map the network of organizations and people that are working on cybersecurity, the groups said. The initiative will also focus on identifying vulnerabilities within the chain and on developing consensus solutions to cybersecurity problems.

The initiative plans to issue a paper with initial recommendations in the next six months.

Join the CSO newsletter!

Error: Please check your email address.

Tags cyber security

More about etworkFBIFederal Bureau of Investigation

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Grant Gross

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts