Interoperability Is Key To Cybersecurity – A Conversation at CSIS

Interoperability – a subject that for too long cybersecurity companies have treated as an inconvenient nuisance – is finally getting the attention it deserves. In February, I had the opportunity to discuss the critical nature of interoperability with true security experts in the public and private sectors. We agreed that to solve the world’s biggest security problems, collaboration in the cybersecurity industry should become the new norm.

McAfee has long promoted interoperability in our products and through our corporate tagline “Together Is Power.” It was encouraging to hear the perspective of NIST’s Donna Dodson, Cyber Threat Alliance’s CEO Michael Daniel and CSIS’s Jim Lewis, all of whom agreed that designing tools that interoperate with each other is integral to successful cybersecurity and will improve security outcomes for organizations and governments.

Here are some highlights of our discussion:

• For too long, vendors touted their proprietary “secret sauce” to compete on who had the best (yet incomplete) data set. They’d be better off taking advantage of initiatives like the Cyber Threat Alliance’s information-sharing program, allowing them to shift their focus from improving data sets, to the power of their analytics and the tools they develop for understanding the data. Competing at this level and not on the level of proprietary data sets will help the industry with better insights that ever before, providing a more complete picture of the threat landscape.

• The federal government has added new cyber tools to its arsenal in recent years, but many of them can’t talk to each other. As NIST’s Donna Dodson noted, enabling these tools to work together has significant security and operational benefits. In short, interoperability has real-world business advantages, not just technical ones. Giving businesses and organizations, including the federal government, a full suite of interoperable solutions and tools will have benefits that extend beyond just security.

• Major efforts are underway to make widespread interoperability a reality. From the standards work of various standards development organizations such as OASIS, IETF and others, as well as industry groups such as the Open Cybersecurity Alliance, dedicated to advancing integrated interoperability, organizations are collaborating to help develop standards, open source common communications and data federation capabilities, tools and policies.

Interoperability is critical and vital on multiple levels, as cyber threats continue to challenge organizations across the globe.  We must be able to share standardized threat data. We must be able to integrate our cyber defense tools in a much simpler fashion than is possible today. Organizations need to be able to purchase best-of-breed defensive solutions and integrate them quickly and easily.  We cannot continue to put the cumbersome burden of product and data integration on each organization that buys cybersecurity products.

Cybersecurity vendors should not be competing on plumbing. We must find ways to up-level competition between vendors while focusing on defending against the adversary we all face daily. We need to focus on improving security in order to, for example, help hospitals better understand the threat landscape to prevent life-threatening attacks and help the Department of Defense better identify national security threats. Interoperability makes these things possible, and we must continue to have important conversations like these to make interoperability a reality.

To watch our full discussion, click here.