Cybersecurity

Is DHS cyber info-sharing ready for prime time?

The Cybersecurity Act of 2015, passed by Congress in December as part of the 2016 omnibus spending package, establishes a voluntary framework for the government and private sector to exchange information on cyber threats without facing legal liability.

To ease private sector access to information on the government side, DHS created a web portal for information sharing as well as initiatives such as the Enhanced Cybersecurity Services and the Automated Indicator Sharing programs.

Though many companies lag in terms of cyber defense, these DHS programs still have room for improvement before the private sector completely buys in.

According to executive director of the Chamber of Commerce's cybersecurity policy Michael Eggers, small businesses make up "the bulk of" CISA memberships.

However, some of those businesses are simply unaware of CISA, and others are confused by the "overwhelming number of initiatives," said Ola Sage, founder and CEO of the IT solutions company e-Management. "If at some point this information could be built into tools we already use, so that we don't have to go all to different places to get it, that would be a very welcome development."

Additionally, the businesses that do understand and want to be a part of these DHS programs may face bureaucratic red tape in meeting access requirements, and the cost barriers to access classified information offered by programs such as ECS are simply too expensive, said Sage.

"We do receive regular updates on threat information through the portal, which is very accessible," she continued. "However, much of the unclassified information is already widely available on the Internet, or is dated."

Some other hitches include technical problems with the DHS programs.

"There is no actual test system to use with DHS, so in their rush to produce the platform and make it live, they didn't have an extra system… where you can go test it out," said Soltra CEO Mark Clancy. "On the operational side, I think there are just some mechanical issues that need to get worked through in signing up."

As a start to help clarify the cultural hurdles, DHS released the CISA final guidance documents on June 15, and is providing and education and outreach campaign.

"One of the things we need to think about is continuing the education effort," said Eggers, who noted that outreach efforts will be traveling to Texas and Wisconsin in the next month. "We want to orient small businesses and companies of all sizes around a cybersecurity framework… I think of [CISA] as a written tool."

Despite early challenges, Sage emphasized that companies remain committed to collaborating with DHS on CISA, and Clancy said that real-world implementation requires some ironing out.

"It's too soon to make a definitive judgment," he said. "The law is only six months old, the program is only three months old. If we have this problem again in 12 months, then we're in a very different place.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Telecommunications
    Stock photo ID: 658810513 By asharkyu

    GSA extends EIS deadline to 2023

    Agencies are getting up to three more years on existing telecom contracts before having to shift to the $50 billion Enterprise Infrastructure Solutions vehicle.

  • Workforce
    Shutterstock image ID: 569172169 By Zenzen

    OMB looks to retrain feds to fill cyber needs

    The federal government is taking steps to fill high-demand, skills-gap positions in tech by retraining employees already working within agencies without a cyber or IT background.

  • Acquisition
    GSA Headquarters (Photo by Rena Schild/Shutterstock)

    GSA to consolidate multiple award schedules

    The General Services Administration plans to consolidate dozens of its buying schedules across product areas including IT and services to reduce duplication.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.