SINT MAARTEN—The rift between between threat intelligence services, private companies, and the government is getting muddier around information sharing.
Catherine Lotrionte, the Associate Director of the Institute for Law, Science and Global Security at Georgetown University, described the some of the challenges associated with cyber threat intelligence sharing in a keynote at Kaspersky Lab’s Security Analyst Summit Monday.
Lotrionte, a lawyer who previously worked at the Central Intelligence Agency, started her keynote by reciting an old adage, how the role of the government collecting intelligence is often referred to as the second oldest profession. She acknowledged that virtually all nation states collect, often under their own rules, which vary. As a general rule however, it’s not usually regulated under international law, something that puts the onus on governments to outlaw acts under their domestic laws.
With that in mind, Lotrionte warned in her keynote that some ethical principles and guidelines might not be codified in statutes.
“You could be doing more than collecting intelligence, what kind of issues arise when you’re doing the government’s work?” Lotrionte asked.
Threat intelligence services especially can pose a problem to cyber espionage operations, she said. Particularly when it comes to organizations using dirty assets when recruiting or infiltrating organizations. The use of private entities to collect data also complicates things.
“There are rules involved here,” she said. “There’s a class of specially protected individuals. These rules were developed, based on ethical ideas what we wanted our government to do and not to do.”
For a long time the private sector and the government stayed in their own lanes but with the recent proliferation of cyber threat intelligence services, some firms have begun to veer into the other lane, Lotrionte said.
“If you disclose a bug or malware will it compromise the role of a National Security Agency or other entity?” she asked before proposing that there should be a better medium for intelligence services and companies to communicate cyber operations.
Lotrionte said the role of journalists can add a new ripple to things as well, often leaving disclosure up to an editor’s independent decision.
On the other side of the coin, there are legitimate reasons for government agencies to withhold intelligence, she said.
“My view is – and I may be biased since I worked in the government – there are times when the U.S. government has information that cannot be publicly announced, if the government is going to do that, the information should be accurate or they could be in violation of the rules of blowback.”
“If accurate and truthful, governments could have a good reason [to not disclose].”
