The session was introduced by Jonathan Sage, Government and Regulatory Affairs Executive at IBM and Principle 8 Taskforce Lead. Launched in 2018, the Charter of Trust aims to drive security in an insecure, connected world, and all of its members collaborate to implement the Charter’s 10 Principles. The Principle 8 Taskforce ‘Transparency and Response’ aims to achieve the following objectives:
- Establish appropriate corporate policies that allow threat information sharing for individuals within the CoT;
- Establish a strategic and operational threat information response forum within the CoT;
- Leverage an existing platform that allows threat information sharing, therefore augmenting awareness and enabling scaling to supply chain.
Kevin Albano, Associate Partner at IBM Security X-Force Threat Intelligence, presented the current threat landscape amid the COVID-19 pandemic. The global proliferation of ransomware puts companies worldwide at higher risk as they are facing “Human-Operated” Ransomware-as-a-Service operations. Following the payment of a ransom, threat actors are further motivated to increase both the number of attacks and the price of the ransom itself.
This was followed by an industry panel discussion moderated by Jonathan Sage:
- Holger Steinlechner, Senior Security Specialist at Allianz, provided insight on the provenance and challenges of threat information sharing. Companies share indicators of compromise, knowledge and insights into incidents to improve their defenses against attackers. Among the prerequisites, trust is an essential component of threat information sharing.
- Regarding the Internet of Things (IoT), Hans de Jong, Senior System Architect and Fellow at NXP, highlighted that the hardware and the firmware cannot be updated easily or at all. Therefore, incidents must be shared with trusted entities who are affected or have to take action.
- Karl Alles, Group Security Officer at Atos, noted that the increasing complexity of the supply chain and very well-organized adversaries require timely availability of threat information. Within the Principle 8 Taskforce, members exchange information regularly as part of the Human-to-Human Network using the Information Sharing Traffic Light Protocol (ISTLP) adapted for the CoT.
Choo Kim-Isgitt, Chief Revenue Officer at TruSTAR, presented the TI sharing platform used within the Human-to-Human Network, which features enclaves to manage various sources with cloud-based data repositories. As illustrated by the City of Los Angeles CyberLab, private enclaves are also made available for each member.
The audience, which comprised governmental and industry stakeholders from around the world as well as fellow CoT representatives, was invited to share their thoughts and questions with our panelists throughout the discussions and during our Q&A session.
To hear the full discussion between our experts, make sure to check out the recorded webinar above and stay tuned for more Charter of Trust webinars coming soon!