Facebook sees challenges to sharing threat data with US

Facebook’s new platform for sharing information about security threats appears to be gaining support, though it’s unclear if the U.S. government or law enforcement will get a seat at the table, something a Facebook official said is “fraught with challenges.”

Facebook launched the ThreatExchange last week as a way for companies to share information they gather about cyber threats, something that could be vital to protecting end user and company data.

In the first 24 hours after its launch, the company got over 100 requests from other companies to participate, Facebook chief security officer Joe Sullivan said Wednesday. But, “we haven’t put a lot of thought into whether this would be something that should extend into private-public sharing,” he said.

One issue is that law enforcement agencies aren’t always forthcoming about how they use company data for their investigations, which could raise concerns among both businesses and consumers. And sharing data with the U.S. government presents challenges, Sullivan said.

Two days after Facebook unveiled the platform last week, President Obama traveled to Stanford University in the heart of Silicon Valley to push for more cyberthreat information sharing between companies and the U.S. government.

Revelations from Edward Snowdon about the government’s broad surveillance programs has eroded trust between the White House and Silicon Valley. Sullivan didn’t mention this, but it could be another factor that makes working with the government tricky.

“We’ve been focused on dealing with specific challenges that we’ve been seeing across our industry,” Sullivan said, in a speech at the M3AAWG conference on malware, messaging and mobile technologies in San Francisco.

“What we’re trying to do is build a technical implementation that would help our industry deal with challenges without raising the troubling issues,” such as those around sharing personally identifiable information, he said. Instead, ThreatExchange focuses on information about malicious domains, malware samples and other signs of compromise.

Early partners in the program include Yahoo, Twitter and Pinterest, but now there are many more looking to share information.

Sullivan declined to identify the other companies expressing interest, but he said they seemed interested in sharing typical threat information such as malicious URLs and malware samples.

ThreatExchange uses Facebook’s infrastructure and provides APIs companies can use to query or upload new threat data. Controls allow companies to share data selectively with other companies.

It comes after some major hacks on large companies including Sony and Target. Facebook’s platform is rooted in the idea that companies should share threat data more widely to keep attacks at bay, even if those involved are competitors.

The idea was borne more than a year ago when Facebook, Twitter, Yahoo and others were targeted by a malicious botnet that used the companies’ services to deliver spam.

To comment on this article and other CIO content, visit us on Facebook, LinkedIn or Twitter.
Download the CIO Nov/Dec 2016 Digital Magazine
Notice to our Readers
We're now using social media to take your comments and feedback. Learn more about this here.