The past two weeks have seen Surevine’s leadership across the pond in Washington making appearances at both the and the.
Billington Cyber Summit
Our CEO & Founder, Stuart Murdoch, headed out a day early as Surevine were invited, along with other UK companies, to showcase UK Cyber innovation. The mission, arranged by the British Embassy, highlighted the demand for UK cyber innovation in the US and how UK companies can best meet that need.
Day two saw Surevine invited to participate in the . This event, held annually in DC in the autumn, attracts the most senior people in Government and Military Cyber from the US and their key allies, most notably the UK.
One session presented by Mark Sayers from the UK Cabinet Office and Paul Maddinson, former Director of Operations at NCSC UK, now working at the British Embassy in Washington DC, focused on “cyber deterrence strategies in the US and UK.” The US-UK partnership has been a safeguard of international security for over 70 years, and continues to address the evolving threat of cybercrime.
This year Jeremy Fleming, Director of GCHQ, delivered a in his first public conference in the US, which attracted worldwide media attention when he described the Russian state as an “active threat.” He stressed the importance of collaboration, concluding his talk saying we face significant threats now and even more so in the future, and withstanding this will require new ways of collaborating with our partners.
To round off the summit, Northrop Grumman sponsored the refreshments at a reception at the British Ambassador’s residence – the only building in the US designed by the famous Surrey architect, Sir Edwin Lutyens. Jeremy Fleming and Paul M. Nakasone, the 4-star general who is Commander of US Cyber Command, addressed the attendees, saying that we must confront and adapt to a new reality in cyberspace with persistence. They reinforced that Billington is becoming the most important event of its type for the US-UK cyber partnership.
The next week, Surevine were invited to address the second. The ISAO Standards Organisation was set up by the Department of Homeland Security to identify a common set of voluntary standards for the creation and functioning of ISAOs.
The conference was split over two days with talks by DHS, , MITRE and Surevine. The topics covered included: cross-sector threat sharing; delivering actionable threat information; crisis response information sharing; measuring the value of threat information sharing; and TLP to evolution.
Surevine’s Stuart Murdoch spoke about Voluntary vs. Mandatory sharing. He started by explaining the heritage of voluntary sharing in CiSP, the that NCSC brought, and the confidence that not having Regulators on the CiSP platform brings. He then went on to talk about how Mandatory sharing is increasing, citing the , , and the as examples. He then went into detail on NISD and its .
A number of challenges were posed:
- Multiple notification requirements: e.g. GDPR & NISD
- Multiple Channels:
  - CISP for voluntary
  - Competent Authority for Mandatory – but want voluntary too!
- Silos vs. situational awareness
  - CISP is cross/multi-sector
  - Competent Authorities are sector-specific
- Liability Protections:
  - CISP excludes regulators, is FOIA exempt
  - Competent Authorities ARE regulators, will penalise (e.g. ICO/GDPR)
If you have any questions about Surevine’s presentation, please email us at firstname.lastname@example.org or join the conversation