This initiative covers three dimensions: an information sharing policy, a human network (H2H) and a shared threat intelligence platform. The initiative is proceeding as a proof of concept over the next six months.
Why is sharing threat information important and why the Charter of Trust?
Trusted partners within the Charter bring in observations from different industry sectors and geographies and thereby develop the partners’ collective experience, visibility, and knowledge. This capability is particularly valuable when a wave of new cyber threats manifests itself. An established sharing policy enables knowledge transfer between member organizations and enhances detection of, and defense against, fast-moving threats such as ransomware and destructive attacks. Trusted partners can better protect their networks and, to some extent, their customers’ networks.
As an example, the global Covid-19/Coronavirus pandemic created a massive opportunity for threat actors to exploit. Soon after the pandemic was declared, threat actors took advantage of the public’s fear of the virus and crafted spear phishing campaigns that offered vaccines, treatments, infection heat maps or access to government relief programs. Their tactics compromised organizations with malicious software like ransomware and likely resulted in productivity and financial losses. Sharing threat information can mitigate these types of attacks. Information used to mitigate such threats may include the domains used in the attacks or information on the malware deployed in an attack.
In starting this initiative, we have learnt from similar sector-specific Information Sharing and Analysis Centres (ISACs), which have provided us with useful insights into how to proceed, such as using the Traffic Light Protocol to categorize different levels of threat intelligence, and which have expressed interest in working with us in the future. The threat intelligence sharing platform we are using in this phase is based on a similar threat intelligence community-building initiative launched by TruSTAR and the City of Los Angeles (https://www.lacyberlab.org/).