Early in this morning’s panel discussion Fear Factor: Information Sharing, an audience member stood up and lamented, “In the 30 years I’ve been in the business, we’ve been debating this issue for 25 years. We’re never going to get there as long as we keep talking about the problem instead of addressing solutions.”There were two things about this discussion that were different, though. First, starting with that comment, the panel honed in on specifics of how information sharing might work — rather than discuss the philosophical reasons long assumed as barriers. Second, both the panelists and audience comments were seamlessly, wondrously “converged.” There was no distinction between physical vulnerabilities and logical vulnerabilities or expertise. It was all just security. In fact, this has been one of the best things about the conference as a whole.Old as the “Fear Factor” topic is, panelists made it clear that there is plenty of room for improvement. Michael Assante, CSO of American Electric Power, complained both about lag time and confidentiality issues that have resulted from information his company has shared with public agencies. And Rhonda MacLean, CISO of the Bank of America, brought up the logistical concerns of making sure that organizations aren’t just sharing data — but information. “That’s where the real challenge is, to separate the wheat from the chaff,” she said.Along these lines emerged one of the best quotes of the conference. Randall Yim, director of the Homeland Security Institute, a new think-tank, posed the idea of an eBay-like rating system for security disclosures, which would help information-sharers decide which warnings to pay the most attention to. What’s more, he said, this system could have advanced search features. Yim notes that the next generation of security leaders are bound to expect this kind of capability. “The question for us was, ‘Did you inhale?’ The question for them is going to be, ‘Did you download?’” Then it was time for lunch. One interesting note: conference organizers commented that CSOs don’t eat as much as CIOs, but they drink more. We’ll leave you to theorize on why.–Sarah D. Scalet Related content feature Top cybersecurity M&A deals for 2023 Fears of recession, rising interest rates, mass tech layoffs, and conservative spending trends are likely to make dealmakers cautious, but an ever-increasing need to defend against bigger and faster attacks will likely keep M&A activity steady in By CSO Staff Sep 22, 2023 24 mins Mergers and Acquisitions Mergers and Acquisitions Mergers and Acquisitions brandpost Unmasking ransomware threat clusters: Why it matters to defenders Similar patterns of behavior among ransomware treat groups can help security teams better understand and prepare for attacks By Joan Goodchild Sep 21, 2023 3 mins Cybercrime news analysis China’s offensive cyber operations support “soft power” agenda in Africa Researchers track Chinese cyber espionage intrusions targeting African industrial sectors. By Michael Hill Sep 21, 2023 5 mins Advanced Persistent Threats Cyberattacks Critical Infrastructure brandpost Proactive OT security requires visibility + prevention You cannot protect your operation by simply watching and waiting. It is essential to have a defense-in-depth approach. By Austen Byers Sep 21, 2023 4 mins Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe