{"id":75198,"date":"2017-12-13T09:00:46","date_gmt":"2017-12-13T17:00:46","guid":{"rendered":"https:\/\/cloudblogs.microsoft.com\/microsoftsecure\/?p=75198"},"modified":"2023-05-15T23:03:17","modified_gmt":"2023-05-16T06:03:17","slug":"how-public-private-partnerships-can-combat-cyber-adversaries","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2017\/12\/13\/how-public-private-partnerships-can-combat-cyber-adversaries\/","title":{"rendered":"How public-private partnerships can combat cyber adversaries"},"content":{"rendered":"

\"\"<\/p>\n

For several years now, policymakers and practitioners from governments, CERTs, and the security industry have been speaking about the importance of public-private partnerships as an essential part of combating cyber threats. It is impossible to attend a security conference without a keynote presenter talking about it. In fact, these conferences increasingly include sessions or entire tracks dedicated to the topic. During the three conferences I\u2019ve attended since June\u2014two US Department of Defense symposia, and NATO\u2019s annual Information Symposium in Belgium, the message has been consistent: public-private information-sharing is crucial to combat cyber adversaries and protect users and systems.<\/p>\n

Unfortunately, we stink at it. Information-sharing is the Charlie Brown football of cyber: we keep running toward it only to fall flat on our backs as attackers continually pursue us. Just wait \u2018til next year. It\u2019s become easier to talk about the need to improve information-sharing than to actually make it work, and it\u2019s now the technology industry\u2019s convenient crutch. Why? Because no one owns it, so no one is accountable. I suspect we each have our own definition of what information-sharing means, and of what success looks like. Without a sharp vision, can we really expect it to happen?<\/p>\n

So, what can be done?<\/h2>\n

First, some good news: the security industry wants to do this–to partner with governments and CERTs. So, when we talk about it at conferences, or when a humble security advisor in Redmond blogs about it, it\u2019s because we are committed to finding a solution. Microsoft recently hosted BlueHat, where hundreds of malware hunters, threat analysts, reverse engineers, and product developers from the industry put aside competitive priorities to exchange ideas and build partnerships. In my ten years with Microsoft, I\u2019ve directly participated in and led information-sharing initiatives that we established for the very purpose of advancing information assurance and protecting cyberspace. In fact, in 2013, Microsoft created a single legal and programmatic framework to address this issue, the Government Security Program<\/a>.<\/p>\n

For the partnership to work, it is important to understand and anticipate the requirements and needs of government agencies. For example, we need to consider cyber threat information, YARA rules, attacker campaign details, IP address, host, network traffic, and the like.<\/p>\n

What can governments and CERTs do to better partner with industry?<\/h2>\n