govloop logo link to homepage

  • Training
  • Resources
  • Academy
  • NextGen
  • Blog
    • Community Posts
    • Career
      • Human Resources
      • Leadership
      • Policy
      • Professional Development
      • Project Management
    • Communications
      • Citizen Engagement
      • Digital Government
      • Social Media
    • Tech
      • Acquisition
      • Analytics
      • Artificial Intelligence
      • Big Data
      • CIO Conversations
      • Cloud
      • Cybersecurity
      • Emerging Tech
      • GIS
      • IT Modernization
      • Mobile
      • Open Data
    • State and Local
  • About Us
  • Register
  • Log In

Cybersecurity, State and Local

Cyber Intelligence Sharing Amongst Government Agencies

Lester Godsey March 3, 2021

Sharing is caring!

For many agencies, the concept of intergovernmental sharing and cooperation is built into government DNA. Take, for example, the concept of mutual aid for fire departments. Our residents don’t care who exactly responds to their medical or fire emergency. Frankly, shared borders make governmental cooperation with one another mandatory. The question is does this mentality exist within your agency when it comes to information security?

What exactly do we mean when we talk about intelligence sharing? Of course, this includes best practices, lessons learned, sharing of strategies, etc.

But what this really means is sharing who is knocking on your network doors, who has gotten in and how did you get them out. Cyberspace is much like outer space – it can get lonely out there if you don’t have a group that has your back.

Threat Intelligence

Before we talk about intelligence sharing, let’s define threat intelligence. According to Gartner, “threat intelligence is evidence-based knowledge, including context, mechanisms, indicators, implications, and action-oriented advice about an existing or emerging menace or hazard to assets. This intelligence can be used to inform decisions regarding the subject’s response to that menace or hazard.”

In simple terms, it is a source of information that one can use to make good decisions about cyber risk.

The catch is this: The threat intelligence is only as good as the people, processes and technologies used to generate it. It is no different than having a confidential informant who is unreliable, gives you bad information, or gives you great information but after the point that it’s really useful. Threat intelligence is pretty much the same. Some of the most popular threat intel feeds are paid subscriptions by big-name vendors. Conversely, there are free ones out there, but user beware – sometimes you get what you paid for.

Why Share and Target Government?

OK, so if there are different threat intelligence options to get cyber information, why are we talking about governmental intel sharing? A couple of reasons:

  1. More data, as long as it is accurate, timely and relevant, is always better than less data.
  2. Threat intelligence can bend is often very specific, whether to a sector (e.g. entertainment, government, etc.), region (e.g. state of Arizona) or agency (e.g. Maricopa County), so why not share it with those who share your concerns?
  3. Because government agencies interact with other agencies regularly, if one organization gets compromised, chances are good that information about other government orgs will be compromised.
  4. In addition to above, this information about another agency might lead to cyber attacks on them as well.
  5. Government tends to get targeted by everyone: nation-state, organized crime, hacktivists, individuals/groups that want to test their skills or generally be disruptive, etc.
    • Whether warranted or not, there is a significant amount of mistrust and lack of confidence in government these days which makes us targets of cyber crime.
    • As with bullet #2, why not share with those who are likely to see the same sort of attacks and have similar concerns and risks?

So Where to Start?

It doesn’t take complicated or expensive software. Build a relationship with those agencies that you interact with the most. There’s a chance that regional organizations exist, either specific to government infosec services or IT.

In Arizona, there are governmental groups that support both IT and InfoSec. If you are thinking nationally, there are a number of organizations that are considered ISAOs or Information Sharing and Analysis Organizations. The ISAO that specifically supports government agencies is called MS-ISAC (Multi-State Information Sharing and Analysis Center).

Of Note: Here’s where it gets sticky. For a variety of reasons (too many to go into in this blog), there may be reasons why you might be reticent to share information, especially around being successfully “hacked.” Ransomware is a great example. Depending on how severely your agency is impacted, this fact might get out no matter what you do. Even then, you probably want to determine when this is disclosed and how the message is crafted. As mentioned in a previous blog post, trust with your constituents is critical. The bottom line, people and organizations are naturally disinclined to want to share bad news publically.

So how can you share intelligence so that others can protect themselves while being mindful of your org’s needs? In InfoSec parlance you can share intel either in an attributed or an unattributed fashion. Attributed means to link the intel to the organization where it occurred, while unattributed means to provide intel without specifically identifying the org.

In Arizona, many government agencies report suspicious cyber activities or instances of compromise to our state fusion center. The default way that this intel gets reported is unattributed. The salient technical details (which are too numerous to go over in this blog) and the general area of government that the agency belongs to are shared with the government community, and that’s it. So if Maricopa County were to report suspicious cyber activities, the intel would be shared like this: “A local government agency in the state reported…” This way those receiving the intel would have the tech specs and know what sector and type of government agency was impacted. Of course, if your agency is comfortable with disclosing their identity, that is potentially more helpful.

The Future of Intel Sharing

Many agencies are working towards automating the ingestion and sharing of threat intelligence. Why? So we can a) be aware of risks sooner and b) assuming we trust the information, start automatically blocking suspicious behavior before it even makes it into our respective networks and systems.

Additionally, we’re seeing improved communications and overall sharing between federal, state and local governments. With the creation of the Cybersecurity and Information Security Agency (CISA) in 2017 and the increased prioritization of information security in government, we are collectively on the right track.

Thanks for checking out this week’s blog!

Interested in becoming a Featured Contributor? Email topics you’re interested in covering for GovLoop to [email protected] And to read more from our Winter 2021 Cohort, here is a full list of every Featured Contributor during this cohort.

Lester Godsey is the Chief Information Security and Privacy Officer for Maricopa County, Arizona, which is the fourth most populous county in the United States. With over 25 years of higher education and local government IT experience, Lester has spoken at local, state and national conferences on topics ranging from telecommunications to project management to cybersecurity and data. His current areas of professional interest center around IoT (Internet of Things) technology and data management and the juxtaposition of these disciplines with cybersecurity. You can follow Lester on LinkedIn.

Tags: information security, intel sharing, threat intelligence

Related Content

  • Minimize Phishing: Think Mobile Security

  • The Misconception of Austerity Mindset in Local Government

  • Plan Equitable Outdoor Spaces With GIS

Leave a Comment

Leave a comment

Leave a Reply Cancel reply

You must be logged in to post a comment.

Featured

  • Citizen Engagement

    A Core Discipline to Build Public Trust: Customer Experience

  • Leadership

    Facilitative vs. Directive Leadership: What You Need to Know

  • Career

    What Is Your Leadership Style?

Poll of the Week

Could your inbox use a little more awesome?

Sign up now to get our free Daily Awesome newlsetter featuring gov-focused resources, trainings, blogs and articles to help you do you job better.

Recent Articles on GovLoop

  • A New Option for Overcoming Regulatory Hurdles to the Cloud
  • Minimize Phishing: Think Mobile Security
  • Future-Proof Citizen Engagement with Intelligent Help Centers
  • A Core Discipline to Build Public Trust: Customer Experience
  • Connecting Nontechnical Staff to Technology Projects

Previous

3 Tips for Incorporating Employee Engagement Into Your Leadership Style

Next

Story Structure Basics Can Build Your Success

govloop grey logo link to homepage

GovLoop is the knowledge network for government - the premier social network connecting over 300,000 federal, state, and local government innovators.

A great resource to connect with peers, share best practices, and find career-building opportunities.

  • About Us
  • Academy
  • Sponsorship
  • Testimonials

© 2021 GovLoop

  • Help
  • Privacy Policy
  • Terms of Service
  • Sitemap
  • Do Not Sell My Personal Information
x