Opinion: Why democratic countries need a cyberthreat sharing alliance
At a Tel Aviv cybersecurity conference听in January, experts who gathered from all over the world all seemed to agree on one thing: Hackers don鈥檛 respect international borders. 听
The cyberthreats countries face from criminals and terrorists are largely the same. That's why it's urgent for democratic countries to work together to form an international coalition to work together to better defend against them.
Given the significant effort and resources allocated in recent years to keep countries' respective national security domains isolated from each other, such collaboration may seem exceedingly counterintuitive.
But bad actors 鈥 whether they're criminals, terrorists, or rogue nations鈥 don't just take advantage of the deficiencies that plague both private and governmental systems. They exploit the lack of cooperation between the governments and the private sector in each country. And they take advantage of the current lack of cooperation on an international stage.
We are stronger against them when we work together.
The 'international safe house'
The US and Israel are well positioned to lead the efforts to form this international coalition. They are both democratic countries that are powerhouses in the cybersecurity space. Israel is second only to the US as the world's biggest exporter of cybersecurity products and services. The US and Israel could also bring together trustworthy countries such as Britain, Germany, Italy, Holland, and Sweden 鈥 to start.
First, the coalition would create what I like to call an "international safe house."
This would enable members of a trusted coalition to share information, technology, and tactics with each other in order to tackle global cyberthreats.
Terrorist cyberattackers won't restrict their operations to one country. An attack on one country almost always means another will fall victim soon. Simply put, an attack on an ally can be the first step to gathering information and preventing compromising similar weaknesses in your own country鈥檚 domain.
Second, each coalition member would build its own "cybergym" 鈥 a training space to build systems to defend their country's existing digital infrastructure, study cybersecurity best practices, prepare for emergency situations, and train its civilian and security institutions.
Each nation鈥檚 Computer Emergency Readiness Team (CERT) 鈥 the agencies usually responsible for analyzing and reducing cyberthreats and vulnerabilities, and for disseminating cyberthreat warning information 鈥 would lead the effort to set up these arenas.听
United response to global threats
Each country would be able to take the information on real-time threats 鈥 and strategies to defeat them 鈥 from their cybergym and share them with its partners in the international safe house.听
Every country has utility companies, telecommunication infrastructure, medical records and biometric data bases, airlines, civilian nuclear facilities, banking systems and even nationwide retailers that are all susceptible to attacks 鈥 and need to be protected. Some hackers into these systems are small and easily detected and stopped; other hackers have an international strategy, making them more dangerous. But regardless of which country a particular industry finds itself, the hackers鈥 tactics will be easily transferrable across international borders.听
For example, let鈥檚 say the network of a large bank in one country has been targeted by a new strain of ransomware. The company could report the threats it鈥檚 facing with the cybergym 鈥 and this cooperation would enable other banks across the world to better protect themselves against that threat. What鈥檚 more, if other partners have already seen that threat, they could share their defense strategies with the targeted bank.听听
Just as a nation-state can no longer count on its military as its sole security defense, a nation cannot maintain the security of its public utility infrastructures鈥 and private sector鈥檚 cybersecurity needs if their defense strategies and product remain isolated. By working together with other trustworthy nations to share information, techniques and best practices, we can all put up our best defense at home.
Safeguarding civil liberties听
At the same time, we are all worried about preserving privacy and protecting proprietary information.
Every time the idea of information sharing between the government and private sector is raised, so are questions about preserving citizens鈥 privacy.听The US, for instance, finally passed a cybersecurity threat information-sharing bill late last year after a vigorous debate about sharing information between private companies and the government to prevent cybersecurity threats while also protecting people鈥檚 personal information and privacy.
We need to find a way to achieve international threat-intelligence sharing without exposing a country鈥檚 weaknesses or its most sensitive information, nor grossly undermining individuals鈥 privacy.
Industry leaders must be part of this process as well, explaining and ensuring that cyber-related regulations are balanced with basic freedoms of the individual. As has been seen in the US, there will be a complex balancing act and, at least initially, the private sector will have the stretch the limits of what they would be comfortable sharing.
However, the cost of delaying this cooperation and decisions over how the private and public sector interact, just because the right amount of compromise would be difficult to achieve, is no longer sustainable. Without an international safe house, these companies and governments are endangering their entire cyber networks.
An international coalition can maintain both privacy and the civil rights of countries and individuals by working towards setting global standards for governments and industry in these areas.听听
If there鈥檚 one lesson we can learn from the hackers, it鈥檚 this: Just as their cyberattacks hold no borders, we should also tear our walls down when it comes to cooperating in our defense against them.
Erel N. Margalit is a member of the Israeli Knesset, an entrepreneur, and a venture capitalist. Follow him on .
听
