DHS is busy sharing threat info with the private sector

Image from

The Automated Indicator Sharing system, which facilitates machine-to-machine sharing of cyber threat indicators between the federal government and the private sector, is busy.

John Felker, director of the National Cybersecurity and Communications Integration Center, said that AIS was certified to operate on March 17, and already is pushing out between 100 and 150 cybersecurity threat indicators to private industry per day.

So far, the private sector isn't returning the favor.

AIS offers private firms a resource they can build on to bolster their own cybersecurity protections, and to help the federal government by returning their own threat indicators through the system, he said. But very little information has been sent back from private industry to the Department of Homeland Security, Felker said at an April 19 AFFIRM event in Washington, D.C.

Felker says that current levels of industry participation are not surprising, since private firms tend to be cautious and may be taking a "let's see what happens" approach to AIS.

The key to getting companies to participate more fully, he said, is to insure the threat information being sent out is high quality.

"We're learning how to push quality" indicators, Felker said. NCCIC is working on an AIS scoring system that uses a database to score indicators on a one-to-10 scale, with 10 being most critical. The rating system, he said, isn't completely automatic, however.

"We haven't figured out how to take a human out of the loop" because of privacy concerns, Felker said. Companies submitting information can limit the use of their threat reports by indicating they contain sensitive information. Machines that rate the indicators can't make that judgement, so the agency isn't pushing out privacy protected indicators.

Testing APT readiness

On the federal network side, DHS' National Cybersecurity Assessments & Technical Services  Offensive Security Assessment "red team" service is currently under trial at three federal agencies, he said. The service, which mimics the stealthy advanced persistent threat groups, offers agencies a change to test their cyber defense skills against threats like the attacks that infiltrated Office of Personnel Management databases in 2015.

In a March 23 presentation to the Information Security and Privacy Advisory Board in Washington, NCCIC officials said they had launched a 90-day trial of the Offensive Security Assessment service with a large federal agency at the beginning of March.

Felker offered an update April 19, saying that three agencies are involved in 90-day trials of the services. "One small, one medium and one large," agency, he said, declining to name the agencies. The trial periods, would be adjusted according to need, he said, and to extend training for both NCCIC and customer-agency personnel to hone their cyber skills.

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.