What cybersecurity professionals can learn from the humble ant – Source: www.csoonline.com

When an ant colony is threatened, individual ants release pheromones to warn of the impending danger. Each ant picking up the warning broadcasts it further, passing it from individual to individual until the full defenses of the colony are mobilized. Instead of a single ant facing the danger alone, thousands of defenders with a single purpose swiftly converge on the threat. This all happens without the need for direction from a central authority or guidance from a single leader.

Just like the ants, public-private partnerships (PPP) should be responding to cybersecurity klaxons and working together to combat threats from all corners of the globe. Examples of this are already starting to happen. US President Joe Biden’s National Cybersecurity Strategy outlines the expectation of an all-of-government approach to cybersecurity, which would give a common purpose to private organizations and national infrastructure that are vulnerable to attack.

The ants and their pheromones provide a compelling model for a holistic approach to cybersecurity. The word for this kind of behavior is stigmergy — actions performed by self-organizing systems that allow individuals to work together to achieve a common goal without any central coordination. Governments, companies, partners, and even competitors should be able to unite as one to address the omnipresent threats presented by both criminals and nation-states for the benefit of all.

Cybersecurity groups working together are more formidable

Such is the case of a group that goes by the moniker of Big Pipes, made up of security researchers, staffers from cloud service providers, academics, FBI special agents, and online gaming companies. Over the past few years, they have worked as one to address the “booter” or “stresser” services offering distributed denial-of-service (DDoS) attacks for hire. Wired’s recent exposé on this quiet and unassuming group explains their motivation and success far better than do the Department of Justice’s (DOJ’s) announcements of takedowns and arrests facilitated by the willingness to work as one.

On May 8, 2023, the DOJ announced that federal authorities had seized 13 internet domains associated with booter websites. A few months before, prosecutors in Los Angeles and Alaska charged six people with offering computer attack services. This was ant theory in action.

Another example where governments combined forces across the Americas and Europe was Operation SpecTor, which spanned three continents and took down and neutralized a narcotics network operating within the dark web. The DOJ’s Joint Criminal Opioid and Darknet Enforcement (JCODE) together with Europol’s European Cybercrime Center (EC3) combined information and leads that resulted in 288 arrests. When governments work together, they are stronger and more formidable.

Collaboration in response to Russian cyberattacks on Ukraine

Then we have the Russian invasion and cyberwar being waged against Ukraine. Within the response to the cyberwar, we saw companies spontaneously unite and bring their expertise to the Ukrainian government and citizens. For example, the Ukrainian government, working with companies from around the world, moved to preserve their national records in the cloud.

As noted in a previous column, Russia is targeting the displaced Ukrainian population with disinformation and misinformation, as it strives to eradicate the Ukrainian nationality. Ukraine amped up its digital governance application, DIIA, with the support and backing of both the United Nations Development Programme (UNDP) and the United States Agency for International Development (USAID). This collaboration created a model that is now being exported to other countries (Estonia being among the first.)

CISOs should heed the call to work with others

The US National Cybersecurity Strategy has provided an infusion of energy and resources toward more robust system of public-private partnerships against cyberattacks. As the administration noted, “economic security and prosperity; respect for human rights and fundamental freedoms; trust in our democracy and democratic institutions; and an equitable and diverse society” are all at risk.

Thus, it is incumbent upon any CISO or CSO with resources or intelligence to share to step forward at the sound of the loud and repetitive klaxon and engage in the PPPs being forged. In August 2021, 40 companies took part in a White House cybersecurity summit following the issuance of the July 2021 National Cybersecurity Memorandum. President Biden was direct in calling on the cybersecurity sector to up its game: “You have the power, capacity and responsibility, I believe to raise the bar.” He continued that “we’ve seen time and again how the technologies we rely on from our cellphone to pipelines to the electric grid can become targets of hackers and criminals.”

Almost two years later, we find ourselves with the same message being delivered, a bit of déjà vu, a situation which we can ill afford. Now is the time to be competitive yet seek ways to be collaborative for the common good. The White House signaled to US partners and allies that we are in this fight together and together we will need to share information and technological investment. The ant theory requires us to all answer the call, not tomorrow, not the day after tomorrow, but now. Will it be enough? Time will tell.