The world’s largest social network is stepping up its work in cyber security by teaming with other technology companies including Yahoo and online scrapbooking site Pinterest. The platform will enable companies to share clues about how hackers are behaving in the hope of preventing security breaches.
Facebook’s manager of threat infrastructure, Mark Hammel said ThreatExchange had been developed from a system that Facebook was already using internally to make it easier to catalogue threats to the site in real time.
Facebook’s decision to share the tool comes at a time when the company is trying to broaden its appeal beyond social interactions with friends and family and make the product a tool that is useful in the workplace. The company is also trying out a site and app called Facebook at Work, designed to facilitate internal collaboration between colleagues. Mr Hammel said Facebook would give the cyber security service away for free, unlike some other threat detection systems.
“We feel that as our product’s footprint has grown, with the number of people using it to communicate, we have the ability to spend more time on broader security issues that affect the internet,” he said. He added Facebook was “really well positioned” with its “social sharing model” to direct a threat project such as this. He added that Yahoo and Pinterest were good initial partners because they faced similar threats and had sizeable user bases. “Together, we’re protecting a pretty sizeable percentage of the internet,” he said.
As cyber attacks hit companies from Sony Pictures to health insurer Anthem, the private and public sector are under pressure to work together to understand their adversaries. Hackers join forces and share tips to break into networks but so far, communication about cyber defence has often been haphazard. The ThreatExchange comes after US president, Barack Obama, put information sharing at the heart of his cyber security proposals announced ahead of the State of the Union speech last month. He proposed legislation that would make it easier for companies to share information about cyber threats with the government. The US government announced this week that it would be establishing a new agency, modelled on the National Counterterrorism Center with the aim of bringing together information from all arms of government during a cyber incident.
Mr Obama is expected to flesh out those proposals at a White House summit held at Stanford University on Friday, while appealing to the technology industry to do more to help. The financial industry already leads the way in sharing information. The Financial Services Information Sharing and Analysis Center — known as FS-ISAC — joined the Depository Trust and Clearing Corporation, the post-trade services provider, last September to launch the first widespread not-for-profit intelligence service. The project is funded by 12 large companies from sectors including finance, energy and healthcare.
But many analysts say information sharing is a key challenge for cyber defences. Last year saw a steep acceleration in attacks on businesses. These included the largest ever breach of personal data at a retailer at Home Depot, as well as the attack on Sony Pictures that the FBI has said was orchestrated by North Korea.