Cyber Threat Alliance
History[edit]
Formation[edit]
The Cyber Threat Alliance (CTA) is a 501(c)(6) membership-based, non-profit organizationthat shares cyber threat intelligence[1] among its member companies and works to promote “good cybersecurity policy and cybersecurity practices.”
The group was founded in 2014 through an informal intelligence information sharing agreement among founding companies Fortinet, McAfee, Palo Alto Networks, and Symantec.[2] Later, the group formally registered as a non-profit organization and announced Michael Daniel[3], former Special Assistant to President Obama and Cybersecurity Coordinator on the National Security Council staff as its president.[4]
Mission & Activities[edit]
The CTA was founded as a non-profit organization with a core mission of improving cybersecurity across the digital ecosystem by sharing security threat information across members. CTA engages in three types of collaborative activities: automated sharing of technical intelligence, analytic sharing of human consumable intelligence, and participation in joint cybersecurity improvement projects.
Automated Sharing[edit]
CTA’s automated sharing occurs through a custom-built platform called Magellan. Member companies provide technical threat intelligence, consisting of Indicators of Compromise (IOCs) and associated context (such as a date/time stamp, malware name, or country detected), to the platform on at least a weekly basis. CTA members can then retrieve the threat intelligence shared by all the other members, and incorporate it into their products, services, reports, and other activities.
Analytic Sharing[edit]
CTA enables its members to share information at a human scale and speed. Analytic sharing activities include regular video conference calls, use of an instant messaging platform, and distribution of pre-publication, embargoed blog posts, research findings, and white papers among CTA members.
Projects[edit]
As its third major collaboration area, CTA participates in multi-organization projects aimed at raising the level of cybersecurity across the digital ecosystem. These projects change over time, depending on the key policy issues or threats. For example, in 2015, the group published a whitepaper on the CryptoWall ransomware revealing that attackers earned $325 million in ransoms paid by victims to gain access back to their files.[5] Another prominent activity of the CTA is the CyberNextDC conference, co-hosted with the Coalition for Cybersecurity Policy & Law, which features discussions on key cybersecurity policy issues with experts in the field.[6]
Ransomware Task Force[edit]
The CTA was involved with the Joint Ransomware Task Force (JRTF), an interagency body established by Congress to serve as the central body for coordinating the national campaign against ransomware attacks.[7] Section 106 of the Cyber Incident Reporting for Critical Infrastructure Act of 2022 (CIRCIA) designated the JRTF, co-chaired by the Cybersecurity and Infrastructure Security Agency (CISA) and Federal Bureau of Investigation (FBI), to coordinate interagency counter ransomware initiatives. To support these efforts, the CTA helped draft a Cyber Incident Reporting Framework which identifies a set of principles that incident reporting regulations should incorporate in addition to a set of mock reporting formats which CISA can use as a foundation for reporting forms.[8]
These efforts culminated with the 2022 International Counter Ransomware Summit which convened leaders from countries around the world to discuss how to defend against ransomware attacks.[9] The Cyber Threat Alliance participated as a private sector representative and contributed towards the Joint Statement that was released which reaffirms the participants commitment to cooperating to disrupt ransomware and pursuing the actors responsible.[10]
World Economic Forum ATLAS Project[edit]
As a member of the World Economic Forum’s Centre for Cybersecurity, CTA supported the Forum’s launch of the ATLAS Project in 2022.[11] Inspired by the definition of an atlas — a book of maps involving different points of view and uses — the Project aims to “create a repository of information that can generate different views about the cybercriminal ecosystem” to facilitate a greater understanding of the data and security ecosystem, particularly for law enforcement and network defenders.[12]
This article "Cyber Threat Alliance" is from Wikipedia. The list of its authors can be seen in its historical and/or the page Edithistory:Cyber Threat Alliance. Articles copied from Draft Namespace on Wikipedia could be seen on the Draft Namespace of Wikipedia and not main one.
- ↑ "The Cybersecurity 202: Top cybersecurity companies are pooling their intel to stop cyberattacks". The Washington Post. Retrieved 2 January 2024.
- ↑ Taylor, Harriet. "Security firms forge alliance to fight growing cyber threat". CNBC. Retrieved 2 January 2024.
- ↑ "J. Michael Daniel". Forbes. Retrieved 2 January 2024.
- ↑ "Cyber Threat Alliance grows to six founding members; introduces Mike Daniel as president". SC Media. Retrieved 2 January 2024.
- ↑ "Why Cisco, McAfee Say Security Vendors Must Share Threat Intel to Beat the Baddies". SDX Central. Retrieved 2 January 2024.
- ↑ "The Week Ahead: Neuberger, Goldstein headline cyber policy conference; Cloud Security Alliance zero trust webinar". Inside Cybersecurity. Retrieved 2 January 2024.
- ↑ "Joint Ransomware Task Force". Cybersecurity and Infrastructure Security Agency. Retrieved 2 January 2024.
- ↑ "Framework for Cyber Incident Reporting" (PDF). Inside Cybersecurity. Retrieved 2 January 2024.
- ↑ "Cyber officials from 37 countries, 13 companies to meet on ransomware in Washington". Reuters. Retrieved 2 January 2024.
- ↑ "International Counter Ransomware Initiative 2022 Joint Statement". The White House. Retrieved 2 January 2024.
- ↑ "World Economic Forum wants a global map of online crime". The Register. Retrieved 2 January 2024.
- ↑ "Strength in Numbers: Partnering Against Cyber Threats". Cowbell. Retrieved 2 January 2024.
