This week’s episode of The Cowbell Factors featured Michael Daniel, President and CEO of the Cyber Threat Alliance (CTA). Michael brings a wealth of knowledge and experience to his current role, though he doesn’t consider his path to where he is today “a straight line path.”
He has spent over 20 years in the U.S. Federal Government, to include the Office of Management and Budget, where he oversaw spending and budgets for the U.S. intelligence community across multiple agencies. This was a formative time for the cybersecurity space, as it was a subject area that was not very well-known. As this changed, Michael delved deeper into cyber, grew his expertise, and became Special Assistant to President Obama and Cybersecurity Coordinator on the National Security Council Staff.
He then started and has been running CTA, a “nonprofit that is all about enabling cybersecurity providers to share threat intelligence” and “promote good cybersecurity policy and good cybersecurity practices.”
“We really see ourselves as a force multiplier behind the scenes to enable the cybersecurity industry to be much more effective, and we do that by enabling companies to share threat intelligence with each other both in an automated fashion and in a human-speed analytic fashion.”
New administrations bring new challenges and Michael’s career has provided him with an insightful perspective on how things have changed over the last couple of decades. He identifies positive and negative changes over time. While there is greater awareness, recognition, and prioritization of cyber issues at senior levels (e.g., the creation of the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS)), there are also more advanced and intense threats with which to reckon. Specifically, Michael refers to the uptick in ransomware and fragmentation of the internet. Yet, we have become increasingly dependent on the internet, so when faced with a disruptive incident, “things that were, 20 years ago, mildly annoying, 10 years ago, were a problem, now, internet interruptions are organizationally catastrophic.”
Michael identifies that the biggest cyber threat facing many companies today is cybercrime (i.e., ransomware and business email compromise). For our critical infrastructure, research companies, government agencies, it is the threat of systemic disruption. Likening this to “the digital equivalent of a Category 5 hurricane,” Michael notes that the impact of an attack on the internet and our digitally-connected ecosystem is great, simultaneously affecting a multitude of businesses and causing other sorts of collateral damage.
Speaking of cybercrime and its complexity, CTA recently launched what is called the Atlas Project, inspired by the definition of an atlas: a book of maps involving different points of view and uses. The Atlas Project aims to “create a repository of information that can generate different views about the cybercriminal ecosystem” to facilitate a better understanding of that ecosystem, especially for law enforcement and network defenders.
To ameliorate the cyber circumstances our world is faced with today, CTA is involved in information-sharing and public/private partnerships. “As a nonprofit, our job is to really help be the glue behind the scenes that helps make the industry operate more effectively.” Specifically, CTA is actively collaborating with DHS on recommendations for effective, user-friendly reporting systems, enabling cybersecurity providers to work together by encouraging information-sharing, and promoting various initiatives to increase the collective level of cybersecurity awareness across the digital ecosystem as a whole.
Michael believes that companies can reduce their cyber risk with just a few basic measures, such as MFA and backups, to “pool and transfer risk.” Admittedly, “you cannot drive your cyber risk to zero,” but, as Michael rhetorically asks, “is there any risk you can drive to zero?” It’s important to avoid becoming “jaded” and “fatalistic” about cyber threats because there are easy steps anyone can take. It’s just a matter of knowing what those steps are.
That’s where information-sharing comes into play. For many organizations, information-sharing is a challenge. “We tend to lump all kinds of intelligence sharing into one big mass and there [are] actually lots of different kinds of cyber information and different organizations need different types of that information.” Technical, economic, legal, cultural, and operational barriers become obstacles that get in the way. “Almost anybody can do one-off information-sharing, but to share information at a high quality, at volume, at scale, consistently over time…that takes a lot of investment and it takes a sustained commitment over time.”
When it comes to public/private collaboration, Michael adds a third component: the nonprofit sector. To successfully and effectively make this triad work well together, it’s important to identify the comparative advantage, motivations, perspectives, and challenges of each.
In closing, Michael remarks, “Fundamentally we created the internet. Humans built the internet and the technology that underlies it… We can do something about it and the threats that we face. We can improve it.” And we will, by working together.
If you are interested in connecting with CTA and learning more about their work, please visit the website, follow @CyberAlliance on Twitter, or connect on LinkedIn. To hear Michael discuss these topics and more, listen to the full podcast episode.
Visit the Cowbell Factor Podcast library to listen to last season’s episodes and subscribe to stay up to date on upcoming ones. It is available on most podcast platforms (iHeartRadio, Spotify, Google podcast, Apple podcast, Anchor and Radio Public). If you enjoyed this episode, consider rating it with 5 stars on Spotify and Apple!