The Global Cyber Alliance (GCA) held its first Strategic Advisory Committee (SAC) meeting on March 18th, at the New York Federal Reserve Bank. The SAC is chaired by GCA’s three founding partners: New York County District Attorney Cyrus R. Vance, Jr., London Police Commissioner Ian Dyson, and Chair of the Center for Internet Security John Gilligan. The SAC comprises senior-level executives from the public and private sectors.
The mission of GCA is to identify systemic cyber risks where significant progress can be made on risk mitigation, and then to bring together the people and resources to identify and implement a solution — to take action — and to measure the effect. The outcome of this effort is not a report with recommendations but actual risk reduction moving forward on a path to eradicate a systemic cyber risk.
GCA will regularly assess the top cyber risks that the collective community believes are significant threats to the global, on-line community and for which GCA can have a measurable, positive impact on the eradication of the risk.
At the Strategic Advisory Committee meeting, the Global Cyber Alliance presented the following Top Systemic Risks to consider tackling through task groups focused on implementation:
- Risks arising from weak identity and authentication mechanisms,
- Risks arising from vulnerable and compromised websites, and
- Distributed Denial of Service (DDoS) attack.
GCA, based on the advice and recommendations from its Strategic and Technical Advisory Committee members, has decided to tackle Phishing by driving implementation of two solutions that have been shown to be effective — limiting spoofing of email (through DMARC) and minimizing the effect of phishing and other attacks (through secure DNS practices). For more information on the solutions, please visitglobalcyberalliance.org.
Manhattan District Attorney, Cyrus R. Vance, Jr., stated: “The Global Cyber Alliance was borne out of a shared commitment to reducing cyber risk worldwide. By focusing the institutional knowledge and resources of stakeholders on select challenges, GCA will be able to isolate and address key vulnerabilities adversely affecting individuals and organizations all over the world, ultimately benefitting those in both the public and private sectors.”
Chair of the Center for Internet Security and Former Chief Information Officer of the United States Air Force and Department of Energy, John Gilligan, stated, “I have first hand knowledge of the power of the collective effort to make systemic changes to improve our cyber security posture. GCA mission is to confront these risks on an international scale which is critical in this day and age. The SAC meeting reconfirmed the importance of working together to confront these top risks.”
City of London Police Commissioner, Ian Dyson, said, “The Global Cyber Alliance has identified the biggest risks to businesses and individuals globally from cyber crime. By prioritizing the risks that cause the most harm the alliance can build solutions that can make the cyber world a safer place in the future.”
GCA President and CEO Philip Reitinger stated, “Phishing is a priority for everyone, and there are many groups that are working on phishing, such as the Anti-Phishing Working Group, the National Cyber Security Alliance, DMARC.org, the Shadowserver Foundation, law enforcement, and many others. GCA will work in partnership with these organizations to tackle the problem — to drive the deployment of DMARC and use of secure DNS services, and to measure the effect — so that we all may accelerate eradication of phishing as a systemic cyber risk.”
Peter Cassidy, Secretary General of the Anti-Phishing Working Group (APWG) and an early supporter of GCA, stated, “The APWG welcomes GCA to the counter-cybercrime community with cheer and anticipation of the great advances we can and will make together. Alliances that we forge today, amidst the gathering chaos, are the foundations of institutions and conventions that will make cybercrime, in all its manifestations, a predictable and manageable risk tomorrow.”
The GCA Strategic Advisory Committee presently comprises 42 entities spanning the finance, health, telecommunications, education, insurance, cyber security, technology, and media sectors, as well as government and law enforcement officials from Canada, France, the United Kingdom, and the United States.
Jim Routh, Chief Information Security Officer at Aetna who is a member of the GCA Strategic Advisory Committee, stated, “Spear phishing is increasing in both frequency and sophistication, and represents a real threat to companies large and small. All industries should consider the use of a proven control like the DMARC standard, which can help rebuild trust in the email ecosystem.”
GCA is currently building international task groups to drive these solutions and measure progress. Individuals and entities interested in joining the GCA campaign to do something about it are urged to contact GCA at globalcyberalliance.org.