In SANS NewsBites last week (vol 13 #14), Alan Paller reported that US Cyber Command will test a program sharing classified attack signatures with private industry.
I guess my black helicopter merit badge has expired because I didn’t immediately think of the dark possibilities. I thought it sounded good. I’m frustrated when I hear security intel from end users in the government rather than from the government itself. The government cares enough to FISMA me; shouldn’t they care enough to share intel?
Securology has a darker take. He posits that this will take the form of IPS signatures. Naturally you’ll just add their feed in, because who has time to review signatures before deploying? I imagine they would be compiled signatures to make it (slightly) more difficult to reverse what is being monitored. Do you really trust the government enough to control your pipes? Securology posits a day when they silently drop WikiLeaks packets (for example).
I wonder about the efficacy of these signatures anyway versus what is available through the private sector. Will this just help us detect yesterday’s attack?