It is well known that companies very often don’t want to report security incidents they faced with. There are some initiatives to set up incident centers to which companies can voluntarily participate and anonymously report cyberthreats, incidents and problems.
A pilot of the Philadelphia-based Cyber Incident Detection Analysis Center (CIDDAC) is enabling numerous private enterprises to anonymously report cyberthreat and attack data with other enterprises and the government without fear of law enforcement audits. CIDDAC avoids audits by not being a government entity and not sharing from whom the information was collected. Currently, enterprises are not sharing important information, because a resulting security audit makes their valuable proprietary information available to the press and the public under the Freedom of Information Act. CIDDAC members are voluntarily participating and have donated about $100,000 to the project, while the Homeland Security Department’s Science and Technology Directorate has provided $200,000 in funding. CIDDAC needs an additional $400,000 in funding to move out of the pilot phase and into a permanent phase where it can charge members $10,000 per year to participate. AdminForce Remote developed CIDDAC’s real-time, cyberattack-detection sensor technology that gathers information from member networks. The intrusion-detection device alerts law enforcement and other CIDDAC members of developing threats on member networks without releasing identification data. Both the FBI and the Homeland Security Department will receive CIDDAC reports and will use the reports to begin informal investigations. The SANS Institute is running a similar program, the Internet Storm Center, using the Dshield intrusion-detection system technology, which is freeware the SANS Institute maintains. Internet Storm Center, which is free to use, enables users to anonymously submit firewall log data and read 30 days’ worth of log submissions. Source: ACM TechNews