To demonstrate my point, I’m going to take this out of the cyber realm for a moment and show you a message that probably everyone, even non-smokers, will understand.
The surgeons general of nearly every country in the world put messaging on packs of cigarettes. Some are more elaborate than others, but the same message appears on all -- “Smoking Cigarettes will kill you”, or in the case of this New Zealand pack of smokes, the message on the front is pretty straightforward, but on the back is a full page ad and a picture of a rotted foot! Why am I talking about the message on a pack of cigarettes? Everyone knows that cigarettes kill, right?
It works because this message is simple, ubiquitous, and because it’s been published for so long, that a very high percentage of the global smoker community knows… They may choose to smoke, but it could (probably will) kill you.
Now try this one. I received this warning in an email from the FBI earlier this week. Sorry for the resolution. It’s the banner that appears at the bottom of reports that get pushed out to tens of thousands of people from the group formerly known as Infragard. It’s funny. Nearly everyone in my office has or has had a security clearance. Two of us were communicators in the military, but neither one of us could actually decipher the meaning of this banner -- instructions on how/where we could send or use this report.
So, I’d like to share this reporting with members of the Alliance, but the banner is a ‘Warning’ --”(U) Warning:... It is subject to release restrictions as detailed in the Homeland Security Act of 2002, as amended… “ and “It is to be controlled, stored, handled, transmitted, distributed and disposed of in accordance with DHS and FBI policy for FOUO information…”
What does the DHS and FBI policy for FOUO information state?
And what happens if I don’t know and share it with someone who might use it to protect themselves or their company but I inadvertently go sideways on these rules? Am I going to be fined? Go to jail? Will the black helicopters swoop down and take me away? Do I really need to go look this up?
Why is this so hard?
When I talk about Red Sky Alliance, and why members join us, I tell them this…
Red Sky was funded by a group of companies who wanted to share information between themselves, or wanted to work with the government, but for various reasons were not able, or they just found it really hard.
Why? In the beginning, most members fell into one or more of these categories:
They all just wanted help… but...
- Many weren’t invited to work with the intelligence community program (mentioned earlier);
- Some of the companies were not considered ‘critical infrastructure’ (and therefore couldn’t go, or didn’t want to go, to DHS);
- Or they were concerned with bringing in law enforcement (typically the FBI),
- Or they wanted to participate with the DIB folks under DCISE, but the doors, for various reasons, were closed to non-defense contractors,
- Or perhaps the rules associated with working with government information sharing (see the banner above!) turn companies off from participating (that banner is only the beginning!)
- Or trusting the government with internal company data is a massive leap of faith that many will just not take,
- Or, they loved the services offered by current Red Sky analysts, and wanted to support us in our venture (THANK YOU!!!)
So how did we fix it?
- Red Sky speaks PGP (and we're working on TLS). The government speaks SIPRNET. The two don’t talk. And with Red Sky, you don’t need any special gear, software, or DSS visits! Wuhoo!
- Red Sky only has UNCLASSIFIED data. Do you know how hard it is to find good unclassified threat data? Certainly some of the government data might be cool, but it's nearly always classified, and therefore, unusable. We don’t use government data.. and we’ve written over 100 technical and intelligence reports anyway… so here’s the dirty little secret.. the best stuff doesn’t always come from them! (shhhh.. we don’t want anyone to know!)
- With some of the government programs, “you get what’s in the fridge” (yes, someone actually said that!). With Red Sky Alliance, you get what all of us have in the fridge… and the membership casts a really, really wide net…
When was the last time someone showed you pictures of some of those pesky hackers, what they want, how they operate, and how you might protect your company from them… without making you sign a 75 year non-disclosure agreement, checking your clearance at the front door, after your long flight to Washington, requiring a DNA sample and placing a chip in your head? (just kidding about the chip… although, you might want to break out your tinfoil hat!)
We do our best to make Red Sky simple, pain free, smart, completely usable, and timely… is it perfect? No, but we try really hard. Here’s how:
- Red Sky data is completely unclassified. You can use it however you need to protect your company or your customers as long as you can maintain positive control over the data.
- Unlike subscriptions, where most of the data gets tossed, many of our members tell us that they process and use every piece of information that we give them.
- You get the ability to ask questions and share notes with companies large and small, who, just like you, only want to protect themselves.. and they are all experts in their field --just like you.
- Red Sky will make your team more efficient. Even if you’re a small team and just realizing the problems of APT, targeted corporate espionage, or determined adversary threats, don’t repeat work. Ask the membership. They’ve been through it already. They know the pain. They know what the 24 hour workdays feel like, the uncertainty of it all, the nervousness of job insecurities when briefing the board, and best of all.. how to get through it.
It shouldn’t be so hard.
Don’t feel comfortable jumping into a collaborative just yet? Give us a call. We can help.
Neuberger talks of NSA's efforts to help companies in three different options: general, targeted and operational efforts.
Red Sky has, and does, deliver all three today:
General: The social network environment is a great way to share information. It's informative, assistive, and allows those who can use the data to pull from it and protect themselves. Companies share information, lessons learned, forensics and early warning. Our dedicated analysts take that data and turn it into something useful in the form of a Fusion Report and a list of indicators that go with that particular story.
Targeted: For the last six months, Red Sky's Manchester, NH based Wapack Labs has been writing targeted threat intelligence, technical fusion and warning products for folks who are members of the Alliance, but need help dealing with the data. In most cases, our requests have come from members who know they need threat intelligence but don't have the internal capability to do it themselves. Our job? Show them the wolves closest to the sled today, then what to watch for next, and then after that --all specific to the requester, not the general community.
Operational: Many of the Red Sky members are massive managed security service providers -- Red Sky data is used in their MSSP operations to protect data. Heck, at least one of our companies protects the government! Second, the Lab in Manchester hosts the backend of monitoring solutions that will allow us to ensure that your current MSSP isn't letting bad stuff through, or for those without an MSSP, the operational arm in Wapack can help you decide exactly what kind of protections you need to put in place.
It's all about money... but not government budgets. It should be about how companies should spend the money they have to protect the products or services they create.
It shouldn’t be so hard.
Until next time,
Have a great week!