Cybersecurity

Is DHS cyber info-sharing ready for prime time?

The Cybersecurity Act of 2015, passed by Congress in December as part of the 2016 omnibus spending package, establishes a voluntary framework for the government and private sector to exchange information on cyber threats without facing legal liability.

To ease private sector access to information on the government side, DHS created a web portal for information sharing as well as initiatives such as the Enhanced Cybersecurity Services and the Automated Indicator Sharing programs.

Though many companies lag in terms of cyber defense, these DHS programs still have room for improvement before the private sector completely buys in.

According to executive director of the Chamber of Commerce's cybersecurity policy Michael Eggers, small businesses make up "the bulk of" CISA memberships.

However, some of those businesses are simply unaware of CISA, and others are confused by the "overwhelming number of initiatives," said Ola Sage, founder and CEO of the IT solutions company e-Management. "If at some point this information could be built into tools we already use, so that we don't have to go all to different places to get it, that would be a very welcome development."

Additionally, the businesses that do understand and want to be a part of these DHS programs may face bureaucratic red tape in meeting access requirements, and the cost barriers to access classified information offered by programs such as ECS are simply too expensive, said Sage.

"We do receive regular updates on threat information through the portal, which is very accessible," she continued. "However, much of the unclassified information is already widely available on the Internet, or is dated."

Some other hitches include technical problems with the DHS programs.

"There is no actual test system to use with DHS, so in their rush to produce the platform and make it live, they didn't have an extra system… where you can go test it out," said Soltra CEO Mark Clancy. "On the operational side, I think there are just some mechanical issues that need to get worked through in signing up."

As a start to help clarify the cultural hurdles, DHS released the CISA final guidance documents on June 15, and is providing and education and outreach campaign.

"One of the things we need to think about is continuing the education effort," said Eggers, who noted that outreach efforts will be traveling to Texas and Wisconsin in the next month. "We want to orient small businesses and companies of all sizes around a cybersecurity framework… I think of [CISA] as a written tool."

Despite early challenges, Sage emphasized that companies remain committed to collaborating with DHS on CISA, and Clancy said that real-world implementation requires some ironing out.

"It's too soon to make a definitive judgment," he said. "The law is only six months old, the program is only three months old. If we have this problem again in 12 months, then we're in a very different place.

About the Author

Chase Gunter is a former FCW staff writer.

Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.