It’s good to talk – IBM initiative aims to help companies share their cyber security experiences
IBM looks to bolster its security credentials after it outlined an initiative to encourage more companies to share their intelligence and experiences of cyber attacks.
The move comes as US authorities continue attempts to create a new law with the Protecting Cyber Networks Act, that will protect companies from liability lawsuits from customers when they share data on cyber threats.
The IBM-led initiative aims to encourage companies to share intelligence about hacking attacks. Speaking last week, CEO Ginni Rometty (pictured left) described the scheme as an “immune system” for businesses seeking to defend themselves from the ongoing onslaught of cyber attacks.
IBM has for years now been an active player in the security market with its security research teams. The IBM X-Force unit produces quarterly reports examining the latest trends and stats in the security market.
And it recently created the IBM X-Force Exchange, which is a cloud-based threat intelligence platform. The aim of this platform is to enable businesses to rapidly research the latest global security threats, locate actionable intelligence and collaborate with peers in the industry.
This platform has already attracted more than 1,000 companies in 16 industries that are sharing threat intelligence. IBM is contributing its own data about cyber attacks it has gathered over the last 20 years. It also includes anonymous data from businesses who have contributed information about attacks on their systems.
“The more you share, the greater you’ll be protected,” Rometty was quoted as saying, after Re/code gained access to speech she made to customers at a closed event in New York last week.
Rometty also backed the US government with its Protecting Cyber Networks Act, as a way to get more companies to share their cyber security experiences.
“The immune system and the global public health system is the analogy there. … We all have to advocate that laws get passed that you can share data without liability issues, you have some protection in doing that,” she reportedly told IBM customers.
The Protecting Cyber Networks Act would allow businesses to use a civilian portal, most likely to be run by the Department of Homeland Security, to share cybersecurity threat data with the American government. The data will apparently be “scrubbed” twice to remove personal information.
The measure also reportedly comes with a corporation liability protection, to safeguard the companies from lawsuits. This is because in the past businesses have often been reluctant to tell the government about cyber attacks, due to concern about a lawsuit from consumers or privacy groups.
Unlike previous legislation, the ‘Protecting Cyber Networks Act’ specifically states that it does not authorise the Department of Defense, the National Security Agency nor any other part of the intelligence community to target a person for surveillance. But it does seek to provide government agencies with the ability to see how a hack occurred and take action to prevent more attacks in the future.
Big Blue’s attempt to bolster its security credentials with the IBM X-Force Exchange is part of its strategy to move away from its legacy hardware businesses and into more profitable areas, as it continues to face declining revenue streams.
IBM offloaded its PC business to Lenovo many years ago now, and last year it also sold its x86 server business to the Chinese PC maker. In 2014 it also paid Globalfoundries $1.5 billion (£931m) to take on its loss-making chipmaking operation.
In 2013 it acquired Trusteer, a security specialist that helps protect organisations against fraud and advanced security threats. At the same time, IBM also formed a cyber-security software lab in Israel that will bring together more than 200 Trusteer and IBM researchers and developers to focus on mobile and application security, advanced threat protection, malware, counter-fraud and financial crimes.
Are you a security expert? Try our quiz!