One of the challenges of raising a child is teaching them how to share; one of the challenges of federal information technology professionals is teaching them to share.

Today we take a look at organizations that encounter cyber threats and their efforts at sharing threat information.

Sharing cyber threat information isn’t a recent idea -- Executive Orders have encouraged sharing for years.

February 13, 2015, talks about the goal of creating robust information sharing related to cybersecurity risks and incidents.

May 12, 2021 “Removing barriers to threat sharing” that encourages the sharing of information across federal agencies.

In the commercial world, people are afraid to share cyber threat information because it may make them look weak to customers. If they share that data with competition, then their commercial opponents may have a leg up on them.

The federal world is just resistant but for different reasons.  If a vulnerability is announced, there is a threat that federal systems that aren’t patched will be vulnerable to attack.

This is the challenge addressed in today’s interview with federal CISOs and a commercial expert. 

Jonathan Feibus from the NRC looks at budget -- smaller agencies may not be able to afford to get commercial data on threats.

Companies like Mitre make available public Common Vulnerabilities and Exposure (CVE) lists for free. The most recent list includes 210,558 vulnerabilities.

It is indeed possible for a commercial company to have systems where vulnerabilities can be identified and remediated before they makes the CVE list.