The Advanced Cyber Security Center is a three year old organization with a bold mission to "bring together industry, university, and government organizations to address the most advanced cyber threats" and drive cybersecurity R&D in the New England region. Network World editor in Chief John Dix attended their most recent meeting in Boston and later tracked down ACSC Executive Director Charlie Benway and ACSC Board Chair William Guenther (CEO and Founder of Mass Insight) for a deep dive on the organization's goals.
ACSC seems to have hybrid goals, one involving sharing threat intelligence among members, the other being around research and development and making New England a mecca for cyber security. Let's start by having you expand on that first goal.
BENWAY: Clearly the threat-sharing program is a priority of the organization, building trusted relationships between members and having face-to-face discussions about these threats. What do they look like? What are they targeting? Why? How do you deal with them?
Because it's a cross-sector organization, some sectors see certain threats before others so some members get advance notice. But it goes beyond just actionable threat information. Members say the organization is also a tremendous benefit in terms of professional staff development because members exchange best practices and can take ideas back and improve the security posture of their own enterprises.
You have 30 members now, including five that joined recently, and I understand you want to grow the organization. How big can it get without jeopardizing the face-to-face part of the mission?
BENWAY: That's a great question and one we've been wrestling with. The original vision was to grow to about 35 members because of what Bill likes to describe as the power of small groups, which involves building trusted relationships and an environment to share actionable information. But we need to find ways to expand beyond the 35. So what we've been looking at is setting up multiple sharing groups within the organization as we continue to grow, where secure information is shared between each group through various communications, including summary reports and notifications on our secure portal, which allows for virtual threat sharing among members. Our established threat sharing group leaders would facilitate each session to maintain consistency and to provide the cross-pollination between industry sectors that sets us apart from other threat share initiatives.
Although we're regionally focused we have some companies headquartered outside the region now joining, like the Facebooks of the world. In fact, we spend time helping organizations around the globe understand who we are, what we do, how we got started and how you build an ACSC. The intent is, if they build a similar capability, we could build out our virtual threat-sharing capabilities with similar regional groups to form a federated threat share initiative. We completed a successful test exchange with an organization called the Western Cyber Exchange in Colorado this summer, which was the first of its kind. So our hope is to expand by having multiple groups share information on a national and possibly even global basis.
Sign up for CIO Asia eNewsletters.