Doubling Down on Trusted Partnerships: Our Commitment to Researchers
October 22, 2024
By National Cyber Director Harry Coker, Jr.
The cybersecurity threat environment is constantly evolving. It is more complex than ever before. Keeping ahead of the bad actors requires collective effort, built on trusted partnership.
Partnership means the government shares what we know to help entities defend themselves and their customers. But we find that the first indicators of a threat are often provided by one or more of our partners in the private sector. And we always find that their insights enrich our understanding.
At DEF CON earlier this year, I talked about the vibrancy of the security research community. So much of the data that powers our cyber defenses comes from individuals – working for companies, studying at universities, or in their spare time – freely sharing their findings. Information sharing is the lifeblood of our discipline and is called out as such in the National Cybersecurity Strategy.
But, as with any partnership, it is vital that our relationships with the security research community be built on a foundation of trust. A key element of that trust is the idea that when information is shared voluntarily in confidence, the wishes of the sharer will be respected.
As those of us in the community know, this is not a new concept. Through the Forum of Incident Response and Security Teams (FIRST), there is a well-understood tool for marking sensitive information: the Traffic Light Protocol (TLP). TLP is core to the trust groups we rely on, and many agencies in the government use it when sharing information externally with their partners.
However, we recognize that communication is also a critical component of trust, and the U.S. Government must be clearer about how we handle information shared with us under limited redistribution. Here at ONCD, we are dedicated to collaboration with our partners and know that true partnership includes listening and learning – and taking appropriate action. We now understand that clarity is needed so that, across the Federal Government, we are consistently handling information with the thoughtfulness and care it deserves.
To that end, today we are releasing Traffic Light Protocol (TLP) guidance for federal agencies that clarifies our intent.
The guidance states:
“The USG follows TLP markings on cybersecurity information voluntarily shared by an individual, company, or any other organization, when not in conflict with existing law or policy. We adhere to these markings because trust in data handling is a key component of collaboration with our partners.”
We already do so much work together as a cybersecurity community to achieve an affirmative, values-driven vision for a secure cyberspace that creates opportunities to achieve our collective aspirations. We hope that this guidance will help both our interagency and private sector partners clearly understand the immense respect we have for trusted information sharing channels – and that it will allow more of those partnerships to flourish.
Finally, I’d like to thank all of the U.S. Government cyber community for their work on this document and for their support of the TLP program. By working together, we are ensuring that partnership in practice is helping better protect our great Nation.