Introduction
This article introduces the idea of collective action to improve cybersecurity at the industry level, focusing on how organizations that provide internet services to third parties cooperate to enhance security.
1. The Role of Internet Service Providers in Cybersecurity:
• Organizations that supply internet services are critical players in the cybersecurity ecosystem. These include platform providers like Microsoft, Apple, Facebook, and Google, as well as network operators, hosting companies, and domain name registrars.
• These organizations not only protect themselves but also safeguard their customers and the broader internet ecosystem.
2. Supply of Internet Services and Cybersecurity:
• There is a close connection between the supply of internet services and the supply of cybersecurity. Cybersecurity, in many ways, is produced alongside internet access and online services, especially as these organizations work to detect, prevent, and mitigate cyber threats.
3. Cooperation Among Internet Firms:
• Even though most internet operators are private competitive businesses, they frequently cooperate to address significant cybersecurity challenges.
• This cooperation takes place in three key areas:
1. Development of Standards.
2. Sharing Threat Information.
3. Joint Collective Action Against Cybersecurity Threats.
4. Standardization Efforts:
• Standards are developed to help govern and guide internet services. Some examples include:
• The Internet Engineering Task Force (IETF) develops voluntary standards for internet operations, including security-related standards like Transport Layer Security (TLS).
• OASIS (Organization for the Advancement of Structured Information Standards), which promotes open standards in information technology, including Security Assertion Markup Language (SAML) for exchanging authentication and authorization data.
• The Payment Card Industry Security Standards Council (PCI-DSS) was formed by major credit card companies to standardize security requirements for payment systems.
5. Threat Information Sharing:
• Many organizations collaborate to share cyber threat intelligence in real-time, which helps them respond quickly to emerging threats.
• Some examples of initiatives include:
• Cyber Threat Alliance: Members like Fortinet, McAfee, and Palo Alto Networks share threat data using STIX (Structured Threat Information Expression) packages.
• Spamhaus Project: One of the oldest anti-spam initiatives, it compiles blocklists of verified spam sources.
• Anti-Phishing Working Group (APWG): This nonprofit consortium shares vast amounts of phishing data to help companies protect themselves from cyber threats.
6. Collective Action Against Cybersecurity Threats:
• Industry groups often work together to take down cyber attackers or respond to major incidents:
• Messaging Malware and Mobile Anti-Abuse Working Group (M3AAWG): This group brings together ISPs, email service providers, social networks, and security vendors to combat messaging abuse like phishing and spam.
• Conficker Working Group: This ad hoc alliance was created in 2008 to combat the Conficker worm, which threatened to become one of the largest botnets in history. It included key players like Microsoft, ICANN, Symantec, and Georgia Tech researchers.
7. Examples of Cooperative Efforts:
• The Zero Botnet Alliance, co-hosted by Spamhaus and APWG, tracks and shares information about botnet threats.
• Internet service providers (ISPs) also work together to detect and remove botnet malware from their customers.
Conclusion:
The lesson emphasizes how suppliers of ICT services are in a unique position to identify, detect, and act against cybersecurity threats. It highlights how these organizations often cooperate in three key areas — standardization, threat information sharing, and collective action. Through cooperation, internet firms can better protect both their own operations and the broader online community from cybersecurity incidents.
Public Privacy 