The Essential Risk of Facebook ThreatExchange

Duran Holycross

Last month Facebook announced a new social network called ThreatExchange, which, according to the International Business Times, "is designed to help cybersecurity experts protect Internet users from malicious software and security vulnerabilities by allowing them to alert each other quickly about evolving threats." Saying that companies who participate can do so selectively to ensure that they don't "accidentally divulge private information," Facebook wants to make it "easier for an organization that may want to share data that needs to be handled with extra sensitivity."

Hmm... As a long-time member of the profession being targeted by this initiative, I immediately see a number of red flags. For starters, I think we can all agree that nobody's going to share real intelligence on a real hack without being guaranteed some privacy or, ideally, full anonymity.

But the big problem is that anonymity is a two-way street. It's well known that intelligence and military units around the world specialize in the tactical sharing of disinformation. And we already have a high degree of insecurity about people being who they say they are on the internet, and about who's really wearing a black hat and who's wearing a gray one within the information security world.

My Questions about ThreatExchange

So with Facebook ThreatExchange, I may applaud the mission, but I have to ask, who vets the membership? How are their identities validated? What's the definition of success in a venture such as this? Who's to say that a member of the board hasn't run into financial troubles, taken up illicit activities, and that his or her focus hasn't changed from helping the community to profiting from it? Expert communities, including ours, tend to hear the most noise from the least experienced members and, on the whole, internet technical groups can tend to generate more heat than light on important issues.

In fact, I do think that we, as security specialists, ought to share threat intelligence. I am pro-information-sharing. However, the idea of sharing my risks and concerns with an anonymous group of internet techies just doesn't fly. What I have seen work well over the past decade is to trade tips and methodologies within a trusted community of people in face-to-face settings, such as local or regional ISSA (Information Systems Security Association) meetings. In a thoroughly digital world with threat actors like nation-states and organized crime groups, we have to continue to flex the old saw, "Trust no one."

Comments? How are you collaborating with your peers on threat intel? We welcome discussion in the section below, whether on this topic or one you'd like to see covered here in the blog.

Duran Holycross is the vice president, information systems at Guidance Software. In this role, he leads operations and allocates resources to improve the quality and cost-effectiveness of our company's technology.
