Pre emptive threat intel group & InfoSecurity Sharing Group

The concept of prevention being better than disease and treatment has now extended to cyber security as well. Thus, several countries have started to place an emphasis on securing intelligence, Pre-emptive threat intel as it is known, in an effort to stop the attacker even before the attack begins. The asymmetrical nature of cyber threats makes pre-emptive threat intel a critical defensive and offensive tool to mitigate the asymmetry. Such intel assists in mapping of attack vector-hacker profile and existing attack patterns to understand technological prowess behind threats. The intel also reduces dependence on honey pots and feeds from ISPs.

In keeping with this strategic shift in cyber defense, CSPF has decided to consolidate its earlier programs in pre-emptive intel and formed two groups, Pre-emptive threat intel group (PETIG) & InfoSecurity Sharing Group (ISSG). PETIG and ISSG will take a structured approach to sourcing threat intel and sharing it with the economic eco-system.

We are delighted that Mr M R Sivaraman I.A.S (Retd), who was Revenue Secretary, Government of India as well as Executive Director with the International Monetary Fund has consented to be the Chairman of the PETIG and ISSG. Mr. Gemini Ramamurthy, Chairman of CSPF will be Vice Chairman of the PETIG & ISSG group.

Further, Mr Kumar, Former CISO TMB & Former CISO of Polaris, who recently joined the PETIG group of CSPF, will be the single point co-ordinator for these initiatives of CSPF. CSPF will provide the operational, organisational and logistical support for PETIG and ISSG. The distribution list for threat intels will be maintained by CSPF.

Most of the threat intel distributed by CSPF is Traffic Light Protocol (TLP) Red and handed over to the organisations directly. Learning from such TLP red will be shared with others in the group (without mentioning the affected organisations)

Presently, 20 organisations from the BFSI sector from across the APAC region are part these groups. These groups work on a pro bono basis. We only require that the CISOs from organisations wishing to join the groups co-ordinate with CSPF for inclusion (please use contact to initiate this). Organisations are expected to mutually start sharing intel using TLP with other participants. They can also use these groups to discuss information security issues such as new products and technology in general.