Concurring on the need to effectively share information while disagreeing about the usefulness to companies of government cyber intelligence, panelists at the C4ISR Journal Conference discussed the merits of disclosing classified information to private companies.
The panel, moderated by C4ISR Journal Executive Editor Brad Peniston, discussed a variety of cyber issues, including the potential for offensive operations as well as the true magnitude of the cyber security threat. While largely in agreement that the threat has been overblown, the topic of information sharing proved more controversial.
“For a very long time there was this feeling like ‘Boy, the government’s got this classified stuff and if I could just get my hands on it, it would solve all the problems,’” said Jenny Menna, director of critical infrastructure cyber protection and awareness at the Department of Homeland Security. “I think they’ve looked at some of the classified information at the same time that we’ve been able to strip out those actionable indicators, and they say, ‘You know what, it’s not the classified information that I need every day. Maybe its nice to get a briefing once a quarter for context, but that’s not something what we need every day to take action.’”
Mark Weatherford, vice president and chief security officer at the North American Electric Reliability Corp., said that his experience with classified intelligence proved that the information can be useful.
“I can’t tell you how many times, because I do have a security clearance and do get classified briefings, that I get classified information that’s important and I would like to share with my industry, but I can’t talk about it,” he said. “It’s critically important that we figure out how to take classified information within government and sanitize it to a level that’s actionable for the critical infrastructure in the private sector, because it does absolutely no one any good to have classified information that perhaps is threat-related or vulnerability-related that can’t be shown to the private sector.”
Weatherford is slated to leave his current position to join the Department of Homeland Security, and said that the issue of disclosure would be on his mind.
Weatherford and Menna were joined by Dmitri Alperovitch, president of Asymmetric Cyber Operations; Rich Plane, head of development and delivery at Harris Cyber Integrated Solutions; and Kristjan Prikk from the Embassy of Estonia.