Monthly Archives: January 2016

Exchanging Cyber Threat Intelligence: There Has to Be a Better Way

Larry Ponemon

Our second annual study on Exchanging Cyber Threat Intelligence: There Has to Be a Better Way reveals interesting trends in how organizations are participating in initiatives or programs for exchanging threat intelligence with peers, industry groups, IT vendors and government.

According to the 692 IT and IT security practitioners surveyed, there is more recognition that the exchange of threat intelligence can improve an organization’s security posture and situational awareness. However, concerns about trust in the sources of intelligence and timeliness of the information continue to be a deterrent to participation in such initiatives.

Forty-seven percent of respondents say their organization had a material security breach that involved an attack that compromised the networks or enterprise systems. This attack could have been external (i.e. hacker), internal (i.e. malicious insider) or both. Most respondents (65 percent) say threat intelligence could have prevented or minimized the consequences of the attack.

Following are key research takeaways:

Threat intelligence is essential for a strong security posture. Seventy-five percent of respondents who are familiar with and involved in their company’s cyber threat intelligence activities or process believe gathering and using threat intelligence is essential to a strong security posture.

Potential liability and lack of trust in sources of intelligence keep some organizations from participating. Organizations that only partially participate cite potential liability of sharing (62 percent of respondents) and lack of trust in the sources of intelligence (60 percent of respondents). However, more respondents believe there is a benefit to exchanging threat intelligence.

Organizations rely upon peers and security vendors for threat intelligence. Sixty-five percent of respondents say they engage in informal peer-to-peer exchange of information, and 45 percent say they exchange it through a vendor threat exchange service. IT vendors and peers are also considered to provide the most actionable information. Law enforcement or government officials are not often used as a source for threat intelligence.

Threat intelligence needs to be timely and easy to prioritize. Sixty-six percent of respondents who are only somewhat or not satisfied with current approaches say it is because the information is not timely, and 46 percent complain the information is not categorized according to threat type or attacker.

Organizations are moving to a centralized program controlled by a dedicated team. A huge barrier to effective collaboration in the exchange of threat intelligence is the existence of silos. Centralizing control over the exchange of threat intelligence is becoming more prevalent and might address the silo problem.

I hope you will download the full report.

Verizon grounds JetBlue — another Plan B goes badly

Bob Sullivan

Verizon managed to ground an airline for several hours on Jan. 14. But it’s important to ask: Who’s really to blame?

Discount airliner JetBlue appears to have cut some corners with its disaster recovery planning. The airline suffered nationwide delays on Thursday when many of its computer systems went down, preventing fliers from checking in. The problems lasted at least three hours, and probably longer, halting flights at many airports.

JetBlue blamed the outage on Verizon.

“We’re currently experiencing network issues due to a Verizon data center power outage. We’re working to resolve the issue as soon as possible,” JetBlue said on its blog. “The power was disrupted during a maintenance operation at the Verizon data center.  Verizon can provide more details into the cause.”

At 2:30 p.m. ET, JetBlue posted an update saying it was still experiencing system issues.

Verizon told me the problem began three hours earlier.

“On Thursday morning at 11:37 am ET, a Verizon data center experienced a power outage that impacted JetBlue’s operations,” the firm said in a statement. “JetBlue’s systems are now being restored.  Our engineering team has been working to restore service quickly, and power has been restored to the data center.”

The impact of the outage was dramatic: “Customer support systems, including, mobile apps, 1-800-JETBLUE, check-in and airport counter/gate systems, are impacted,” JetBlue said.

Consumers spent the early afternoon Tweeting their displeasure and the uncertainty the outage created.

“At least make some estimates on flight delays so people can make informed decisions,” said Jared Levy on Twitter.

It’s worth noting that JetBlue said on its blog at 1:50 p.m. that power had been restored to Verizon’s data center, “and we are working to fully restore our systems as soon as possible.”

That sure sounds like JetBlue is completely dependent on Verizon. Maybe the firm had some rollover plan that it never implemented, and got the idea that doing so would take longer than waiting for Verizon to fix its electricity problem. Neither option sounds great. A misbehaving backhoe can take down a major airline’s operation? In the middle of the day? And it stays down until Verizon can implement a power fix? Sounds like someone’s plan B wasn’t grade A.

That’s not uncommon, however. One of my favorite stories, now nearly five years old, was titled “Why plan B’s often work out badly.” Inspired by the Japanese nuclear power plant disaster, I examined why backup plans often fail when reality strikes. The short answer: It’s very hard to create an entirely duplicate universe where you can test plan B. And it’s even hard to keep on testing it regularly and make sure it actually works. To wit: Your snow plow often doesn’t start after the first snow because it’s been sitting idle all summer.

Of course, big airlines should do better. But reality is, they often don’t. Hopefully more details will emerge soon so we can all learn from this.