The first official c-Watch cohort kicks off this week, using sport to help train cybersecurity experts experienced in information-sharing environments. And by July, c-Watch students will be part of a pop-up security operations center for the 2018 FIFA World Cup Russia, doing the cyber threat intelligence work that’s now so critical during high-profile sport events.
Why the combination of sport and cybersecurity?
It turns out international sporting events are irresistible to cybercriminals. The sophisticated attacks they launch during widely watched competitions can give experts strong leads on newly engineered malware and tactics. They serve as a kind of early-warning system, because those same tactics are highly likely to be used for other attacks in the following months.
Starting April 30, c-Watch participants will undertake 10 weeks of intensive online training and skill development in cyber threat analysis, working with mentors and collaborating with peers.
The week-long World Cup capstone will then give students a chance to put everything they’ve learned into practice, to detect emerging cyber threats in the early stages and to solve the mysteries behind attacks.
c-Watch gives students access to practicing professionals in the field of threat intelligence and experience in a security operations center, according to Doug DePeppe, co-founder and board president of the Springs-based nonprofit Cyber Resilience Institute, which created the program. Instruction is organized in three tracks — policy, tradecraft, social media — to enable students with diverse backgrounds to join an interdisciplinary team.
Training is on a virtual platform, so students can work from anywhere. They’ll learn about indicators of compromise, data ingestion and data enrichment, and how social media are used in cyber threat analysis.
The “elixir of sport” is the draw, DePeppe said, but the training, skills and graduates will go well beyond the sports arena. Communities nationwide need cybersecurity experts experienced in information-sharing environments, he explained — and Colorado Springs is the ideal launching pad for building out a national initiative.
“For economic vitality, prominence begets opportunity. Silicon Valley is synonymous with the tech industry; New York City with financial markets; Los Angeles with the movie industry, and so on,” DePeppe said in an email — and those markets attract industry leaders and boost business opportunities.
“Colorado Springs has been seeking to position itself in cybersecurity for quite some time. Meanwhile, as Olympic City USA, it has clearly established itself in the sport industry,” he said. “With Sports-ISAO and the c-Watch Program, what we have done is couple sport and cyber in a way that has already shown that it has national and international attraction.”
Sports-ISAO, a program office of CRI, spent the PyeongChang Olympic Winter Games collecting and analyzing information on cyber threats for the Joint Operations Center at the U.S. Embassy in Seoul, in an operational public-private partnership.
In addition to conducting commercial cyber threat intelligence collection and analysis, it provided reports on geopolitical implications as well as malware research and analysis, and shared that information with other stakeholders.
Sports-ISAO’s successful work on the Winter Olympics was “a strong selling point,” DePeppe said, for information-sharing as a cybersecurity approach.
What are ISAOs?
ISAOs are Information Sharing and Analysis Organizations. In 2015, President Barack Obama issued an executive order directing the Department of Homeland Security to encourage the development of ISAOs. “America’s cyber adversaries move with speed and stealth,” the DHS website says. “To keep pace, all types of organizations, including those beyond traditional critical infrastructure sectors, need to be able to share and respond to cyber risk in as close to real-time as possible. Organizations engaged in information sharing related to cybersecurity risks and incidents play an invaluable role in the collective cybersecurity of the United States.”
How will more ISAOs help cybersecurity?
We need to look at cybersecurity as a problem that creates collective risk, DePeppe said. “[H]ardening networks and improving online behavior are both important, but we all need better situational awareness. ISAOs enable that. When there’s a public health outbreak, public service announcements and other situational awareness actions kick in. It’s sort of like that with ISAOs.”
One of several misconceptions is the idea that information-sharing involves “content” or proprietary information. “Other barriers involve organizations who are competing for primacy in an emerging market, rather than collaborating and building a bigger market…,” DePeppe said. “There’s a bigger pie to go around if we’re all building market forces… Remember that the bad guys have a market — it’s a Black Market. … We need our own counter-market. So educating folks about the need for more ISAOs is important.”