Hundreds of business leaders and academics joined Massachusetts Governor Deval Patrick and Attorney General Martha Coakley to launch the state’s Advanced Cyber Security Center (ACSC), one of the first of its kind in the nation.
Speaking at the local headquarters of the MITRE Corporation, Patrick and other leaders said the center would be a new and important bridge between the researchers, government and the private sector that would help address the threat posed by advanced criminal and nation-backed hackers, while spurring technological innovation and economic growth in the region.
Likening the new center to other Administration initiatives to boost Massachusetts’ economy, Patrick said the State would benefit from embracing the need for better cyber security and being focused and directing Massachusetts’ unique combination of high tech, R&D, public and private resources towards addressing cyber security concerns. Comparing the job of tackling cyber crime to the State’s successful, multi-year effort to improve its finances, Patrick said the Bay State was one of the few nationally to sport a AAA credit rating from all three rating agencies. “We didn’t get there by luck,” he said.
ACSC is set up as a nonprofit corporation that is supported by Mass Insight Global Partnerships. The group is intended to be an umbrella organization for industry, government and academia to work together on fighting advanced cyber threats, with a focus on sharing information about emerging threats and promoting future generations of researchers and cyber security professionals.
Speaking after Governor Patrick, Alfred Grasso, the CEO of MITRE Corp. – a government funded non profit science and technology research firm – cited recent reports about widespread attacks against U.S. private sector firms that McAfee dubbed “Shady Rat.” The U.S., he said, was experiencing an unprecedented transfer of intellectual capital and wealth as a result of insidious cyber attacks. The ACSC was part of a nation-wide effort to stop that transfer by adopting a communal approach to cyber threats.
Speaking in a panel discussion, Doug Maughan, director of the Cyber Security Division of the Department of Homeland Security’s Science and Technology Directorate said that the U.S. needed to shift from an individual to a collective notion of risk and needed new approach to responding to cyber attacks that emphasized early warning about emerging threats.
Attendees at the event said that the idea of a cyber threat clearing house for private sector firms and public organizations was laudable, but wondered how it would relate to other, similar groups that already exist, including industry-level information sharing and analysis centers (ISACs) and programs like the FBI’s InfraGard.
“I want to know if (ACSC) will integrate with programs like InfraGard or replace them,” said Daniel Sarazen, a Senior IT Auditor in The University of Massachusetts’ Office of the President.
Shane Sims, the Director for Forensics at the consulting firm PriceWaterhouseCoopers said the new center could have a real impact in improving cyber security if it can foster better information sharing among companies that have been hacked, or that suspect they are being targeted.
“History has demonstrated that advanced cyber intrusions cannot be prevented and often go undetected for months to years. Organizations have to increase their cyber visibility in order to reduce it. One method to obtain this visibility is to absorb and operationalize as much threat intelligence as possible,” he wrote in an e-mail statement.
While warnings form security vendors are useful, companies are better served by threat intelligence from peers within a given industry, he wrote.
“Having an independent, trusted 3rd party which organizations are willing to push this type of information to and sanitize for dissemination, will hopefully inspire organizations to begin this very important process of sharing threat intelligence quickly. If the ACTC can make it happen, they will be a model which can be replicated across the globe,” Sims wrote.