While the shift in mindset does explain the value of threat sharing, private organizations still need incentives to share their cyberthreat information. What many have come to realize, however, is that what's good for the security community as a whole will likely benefit them individually, Benway says.
"If I'm a financial services company and I'm connected to 500 banks, and some of those banks may be small or medium-sized banks and they don't have the type of resources I have for cybersecurity, I need to help them secure themselves, or I've got issues," Benway says. "And you hear that on a regular basis now."
As more organizations begin to realize the incentives of threat sharing, the ACSC still needs to establish trust. Guenther admits that threat sharing has occurred for years, between CIOs and CISOs at different companies who trust each other enough to discuss cyberattacks without worrying about the public finding out. That's where the value of operating as a regional organization comes into play.
Private organizations have plenty of resources for threat sharing, such as the Information Sharing and Analysis Centers (ISAC), which offer industry-specific, nationwide networks in which hundreds of businesses can share cybersecurity information. While Guenther says "there's clearly a place for the ISACs" and large-scale sharing, he says the ACSC provides added value by allowing organizations from several sectors to work together in small groups. Since launching in 2008, the ACSC has grown from 15 members to 28, and Guenther says the group likely will not grow larger than 35, to ensure a high level of communication in the network. By turning to the Massachusetts area and fostering a regional network, the ACSC connects organizations from the technology, financial services, higher-education and healthcare industries for bi-weekly, three-hour meetings to share threat information. Financial services firms, for example, get to see and discuss threat information from those in the technology or healthcare fields. The information they find from those organizations could help them identify trends within their own. Those trends could inspire new discussion within an industry-specific ISAC, and vice versa.
In a constantly fluctuating cybersecurity world, access to diverse threat information could be critical. Otherwise, the attackers might catch on to their targets' threat-sharing practices, and could adapt to avoid detection. That's how cyberwars are fought these days, and, as Guenther sees it, it's how they will be fought for the foreseeable future.
"You got the bad guys developing new tactics and the good guys trying to stay ahead of them. The more you understand about your adversary and the tactics they use, the better you can defend against them. That's the basic theory," Guenther says. "But there's no endpoint. It doesn't stop at some point. It's always going to get more sophisticated on both sides."
Sign up for CIO Asia eNewsletters.