Surevine back in America!

The past two weeks have seen Surevine’s leadership across the pond in Washington making appearances at both the Billington Cybersecurity Summit and the ISAO Standards Organisation International Information Sharing Conference.
 

Billington Cyber Summit

Day One

Our CEO & Founder, Stuart Murdoch, headed out a day early as Surevine were invited, along with other UK companies, to showcase UK Cyber innovation. The mission, arranged by the British Embassy, highlighted the demand for UK cyber innovation in the US and how UK companies can best meet that need.  
 

Day Two

Day two saw Surevine invited to participate in the 9th Annual Billington CyberSecurity Summit. This event, held annually in DC in the autumn, attracts the most senior people in Government and Military Cyber from the US and their key allies, most notably the UK.
 
One session presented by Mark Sayers from the UK Cabinet Office and Paul Maddinson, former Director of Operations at NCSC UK, now working at the British Embassy in Washington DC, focused on “cyber deterrence strategies in the US and UK.”  The US-UK partnership has been a safeguard of international security for over 70 years, and continues to address the evolving threat of cybercrime. 
 
This year Jeremy Fleming, Director of GCHQ, delivered a closing keynote in his first public conference in the US, which attracted worldwide media attention when he described the Russian state as an “active threat.” He stressed the importance of collaboration, concluding his talk by saying that we face significant threats now and even more so in the future, and that withstanding them will require new ways of collaborating with our partners.
 
To round off the summit, Northrop Grumman sponsored the refreshments at a reception at the British Ambassador’s residence – the only building in the US designed by the famous Surrey architect, Sir Edwin Lutyens. Jeremy Fleming and Paul M. Nakasone, the 4-star general who is Commander of US Cyber Command, addressed the attendees, saying that we must confront and adapt to a new reality in cyberspace with persistence. They reinforced that Billington is becoming the most important event of its type for the US-UK cyber partnership. 
 

ISAO IISC

The next week, Surevine were invited to address the second ISAO Standards Organisation International Information Sharing Conference. The ISAO Standards Organisation was set up by the Department of Homeland Security to identify a common set of voluntary standards for the creation and functioning of ISAOs.
 
The conference was split over two days with talks by DHS, InfraGard, MITRE and Surevine. The topics covered included: cross-sector threat sharing; delivering actionable threat information; crisis response information sharing; measuring the value of threat information sharing; and TLP to IEP evolution.
 
Surevine’s Stuart Murdoch spoke about Voluntary vs. Mandatory sharing. He started by explaining the heritage of voluntary sharing in CiSP (the Cyber Security Information Sharing Partnership), the FOIA exemptions that NCSC brought, and the confidence that not having Regulators on the CiSP platform brings. He then went on to talk about how Mandatory sharing is increasing, citing the DOD FARS, New York Department of Financial Services, and the FDA regulation of Medical Devices as examples. He then went into detail on NISD and its implementation in the UK.
A number of challenges were posed:
  • Multiple notification requirements: e.g. GDPR & NISD
  • Multiple channels:
    • CiSP for voluntary
    • Competent Authority for mandatory – but want voluntary too!
  • Silos vs. situational awareness:
    • CiSP is cross/multi-sector
    • Competent Authorities are sector-specific
  • Liability protections:
    • CiSP excludes regulators, is FOIA exempt
    • Competent Authorities ARE regulators, will penalise (e.g. ICO/GDPR)
If you have any questions about Surevine’s presentation, please email us at info@surevine.com or join the conversation @surevine