Ransomware epidemic prompting firms to rethink information sharing

Cyberattack, financial services

The Department of Homeland Security has signed up 100 "non federal" user for its Automated Indicator Sharing program – the machine-to-machine cyber information sharing program that was authorized under the Cybersecurity Information Sharing Act signed into law in 2015.

Non-federal users include state governments, international organizations, computer emergency response teams, banks and other private companies, according to Preston Wertz, a senior strategist in DHS' Office of Cybersecurity and Communications. The group also includes Information Sharing and Analysis Centers and Information Sharing and Analysis Organizations run by industries.

The epidemic of ransomware is one reason why industry and others are finally moving toward information sharing.

Companies have been leery about information sharing in cases of economic espionage, intellectual property theft and similar cyber crimes, because of the potential that disclosures could have an adverse impact on their financial prospects.

Ransomware, in which hackers hold computers and even entire networks hostage for electronic cash payments, is a different beast. This type of cyber attack has been making incursions into critical infrastructure providers' lanes lately, according to Dewan Chowdhury, cybersecurity advisor for Pepco Holdings, the mid-Atlantic electrical utility that merged  with Excelon in March.

"The perception has changed," he said. A "handful" of other malware attacks have also landed at other critical infrastructure providers. Malware operations in Eastern Europe "are taking industry hostage," Chowdhury said in a June 9 panel discussion on the DHS Automated Information Sharing program in Arlington, Va.

DHS officially launched its AIS program under the Cybersecurity Information Sharing Act of 2015 last February. AIS enables the machine-to-machine exchange of cyber threat indicator information between the federal government and the private sector. DHS offers several layers of information sharing with industry, with the AIS effort being the broadest for industry.

Commercial industry has been cautious as the threat indicator program has gotten off the ground with legal concerns of how that information will be used a common topic of discussion.

A member of the crowded audience at the DHS event told Andy Ozment, DHS' assistant secretary for the Office of Cybersecurity and Communication, that his company's legal counsel had some concerns about sharing threat indicator information.

Ozment said industry lawyers should more closely consider the "information sharing, not reporting," that AIS provides.

Chowdhury noted that Pepco's lawyers needed six to seven months to sign off on a sharing agreement. The company has been using DHS' higher-level threat sharing service Cyber Information Sharing and Collaboration Program  for the last two years. "It's a cultural issue," he said of companies using threat information but shying away from sharing their own. "Everyone likes to receive, but no one likes to give."

Ozment said he understood the legal concerns, but added that many companies were already sharing threat information before CISA went into effect. He said he thought most legal concerns boiled down to getting to "zero risk" for that shared information once it leaves the company.

The focus, he said, should be on drawing down the risk for the company as a whole and making general counsels see the benefits that sharing indicators can bring to both security and the bottom line.

Ozment reassured attendees that DHS' information sharing programs weren't "regulators, intelligence agencies or law enforcement."

When asked by an audience member if a company should help trap ransomware thieves by pretending to play along to their bank account information and identify them, Ozment said, "that would be the time to call law enforcement."

About the Author

Mark Rockwell is a senior staff writer at FCW, whose beat focuses on acquisition, the Department of Homeland Security and the Department of Energy.

Before joining FCW, Rockwell was Washington correspondent for Government Security News, where he covered all aspects of homeland security from IT to detection dogs and border security. Over the last 25 years in Washington as a reporter, editor and correspondent, he has covered an increasingly wide array of high-tech issues for publications like Communications Week, Internet Week, Fiber Optics News, magazine and Wireless Week.

Rockwell received a Jesse H. Neal Award for his work covering telecommunications issues, and is a graduate of James Madison University.

Click here for previous articles by Rockwell. Contact him at or follow him on Twitter at @MRockwell4.


  • Congress
    Rep. Jim Langevin (D-R.I.) at the Hack the Capitol conference Sept. 20, 2018

    Jim Langevin's view from the Hill

    As chairman of of the Intelligence and Emerging Threats and Capabilities subcommittee of the House Armed Services Committe and a member of the House Homeland Security Committee, Rhode Island Democrat Jim Langevin is one of the most influential voices on cybersecurity in Congress.

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

Stay Connected


Sign up for our newsletter.

I agree to this site's Privacy Policy.