The Role of Governments
Besides the protection of their own systems, an important role for governments is to create environments in which their constituents (organizations and individuals) can most effectively protect themselves from Targeted Attacks. The following efforts by governments can help constituents protect themselves:
Clearly communicate the realities of the threat environment to citizens, companies and investors so that organizations are more comfortable reporting the key aspects of breaches. This reporting can encourage learning from previous incidents and bolster specific defenses to protect key assets in the future.
Making an organization aware that there is reason to believe it may be the target of a Determined Adversary is a critical first step in protecting its critical assets. Governments may have sources of attribution and expertise in threat assessment that provide valuable insights into the intents and motivations of Determined Adversaries. This information, which is distinct from the technical data associated with a specific attack, should be communicated to those organizations considered to be under threat to inform their risk management decisions.
Create a climate that encourages the exchange of technical data (at the unclassified level as much as possible) between public and private organizations to enable meaningful outcomes, with rules and mechanisms that permit both sides to protect sensitive data. This approach represents a shift from past practices that viewed information sharing as an objective in itself, as opposed to a tool. It must be a two-way sharing process, in which targeted organizations share details of attacks that take place against them with governments, and governments share intelligence about the current threat environment and potential future threats. To be an effective tool against Targeted Attacks, analysis of security logs, alerts, and other intelligence information needs to take place in near real time, which will require the establishment of solid public/private partnerships.
Some governments believe that their national security is dependent on economic security. They may therefore sponsor, or tacitly condone through inaction, the use of Targeted Attacks for stealing intellectual property to support indigenous industries. This approach is ultimately nearsighted because it inhibits the development of indigenous innovation. Governments therefore have a responsibility to address their philosophical differences and use the tools at their disposal, such as diplomacy and national policy, to establish appropriate international norms of behavior.