Last fall the Federal Bureau of Investigation took the historically notable step of issuing a private warning to industry about a group of Chinese government hackers who were stealing data from U.S. companies and government agencies. The FBI sent a nine-page alert that said the Chinese hackers were using at least four “zero-day exploits” based on previously unknown flaws in Microsoft’s Windows operating system. The agency also sent along some “indicators of compromise” that companies could use to determine whether they had been hacked by the Chinese.
Most companies are aware that the government has been urging corporations to share information about breaches, and that Congress has been struggling to create legislation that would actually encourage sharing such information. Corporations in return have suggested that the government should be more forthcoming about information it possesses that could reduce cyber crime, and should be more proactive in alerting companies to continuing threats. In this regard it is useful to be aware of the FBI Liaison Alert System (the FLASH), created in 2013, which the bureau uses to send out specific data from an attack that the FBI believes will be used again.
How often does the bureau issue these alerts? In a July 2015 letter to the Department of Justice Office of the Inspector General, responding to its report on the FBI’s cybersecurity, the agency said “through our FBI Liaison Alert System (FLASH) Reports, we have broadly shared 70 anonymous and declassified technical indicators for immediate action to protect critical networks.”
Sharing of information between government and private industry remains a contentious issue, and the FBI’s efforts in this regard will do little to put the issue to rest. Government will continue to hold close certain information that could either reveal sources or capabilities that could be compromised or imperil ongoing security operations. Industry will continue to have concerns over privacy and safeguarding critical information. But the FBI’s FLASH reports offer a tangible example of how sharing information can make a valuable contribution to the effort to lessen our vulnerability to the ongoing cyber threat.
By Tom Davis, SDI Cyber Risk Practice
SDI #CyberTuesday offers insights and commentary on cyber risk management by SDI’s trusted cybersecurity, privacy and data security experts, skilled practitioners whose decades of experience working for governments and corporations around the world distinguish them as strategists and crisis managers.
September 8, 2015