Stronger lines of communication needed to help combat rise in global threats
The Forum of Incident Response and Security Teams (FIRST) opened the doors to its annual conference in Edinburgh today, with association board members and a global line-up of speakers stressing the need for further collaboration among the global security community.
Taking place at the Edinburgh International Conference Centre, the overarching theme for this year’s event is ‘Defending the Castle’.
While this is a clear nod to the historic fortress that dominates the Edinburgh skyline, FIRST chair Thomas Schreck said he hoped the conference tagline would facilitate discussions surrounding defensive best practices amid a rapidly-evolving threat landscape.
“What does [defending the castle] really mean to us? As a security person, I need to protect my organization. We are building walls around castles. Firewalls and all these technologies are getting higher and higher.
“But if we are looking to where we are going, walls don’t help anymore. [Cybercriminals] are going from castle to castle.
“We need to be open and communicative. For me, defending the castle means not only defending my castle, but jointly working and defending all of our castles.”
Threat intel exchange
Also taking the podium this morning was Owen Rodgers, senior principal architect at AT&T.
“Our founder Alexander Graham Bell was born not half a mile away from here, just on the other side of the castle,” Rodgers told the 1,000-strong audience.
“He created AT&T Long Lines, and since then we’ve grown to become the world’s largest telecommunications company. We carry around 163 petabytes of data on an average business day.
“From a cybersecurity perspective, we see 110 billion different probes or attacks or other vectors trying to use our network every single day.”
For Rodgers, too, collaboration among the security community will continue to play a vital role in the industry’s defensive efforts.
“As of last year, we’ve brought AlienVault into the fold as part of our cybersecurity efforts,” he said.
“We feel that the collaborative nature of AlienVault – with its open threat exchange – really complements our ability to take the massive amounts of data that we see, pair them up with open exchange, and make that available to the broader cybersecurity community.”
Working with researchers
Communication and collaboration were not only discussed in the context of computer emergency response teams (CERTs).
Ken Munro, founder and managing partner of Pen Test Partners, urged vendors to open up stronger lines of communication between themselves and security researchers – particularly when it comes to vulnerability mitigation and disclosure.
“You cannot communicate enough with security researchers,” Munro said during a press briefing in Edinburgh this morning.
“By and large, we are well-intentioned. There are some out there who aren’t, but any responsible security researcher just wants to talk [to vendors]. And if you’ve got problems or challenges with a vulnerability or disclosure, just tell them.”
Munro added: “What gets frustrating is when there’s a lack of communication, and it’s us who are doing the chasing. We are there to help, and the difference between a good response and a bad response is communication, almost every time.”
FIRST is the curator of the Common Vulnerability Scoring System (CVSS), the free and open source industry standard for assessing the severity of security vulnerabilities.
Beyond this, the organization acts as an intelligence-sharing hub for nearly 500 CERTs around the world.
With a growing membership base (PDF), newly-appointed executive director Chris Gibson said FIRST was continually working to increase its global representation and remove any geographic ‘blind spots’ when it comes to security.
“We are working on facilitating trusted communications between individuals,” he told The Daily Swig. “If you go to our website, there are areas that are still [underrepresented].
“We are reaching out to those [regions]. A number of years ago we developed a program to fund people from those countries to come to the conference, get them to understand what we are doing, hopefully bring them on board as a full member, and start reaching into some of those areas that don’t have the response teams that we need, to enable me, in my country, to be able to speak to somebody in that country.”
He added: “If a company in that country [is involved in a security incident] and I can’t reach them, then at least there will be a CERT in that country who can hopefully find out. It’s a huge step in the right direction.”
The FIRST annual conference continues all week in Edinburgh.