Cybersecurity

Is DHS cyber info-sharing ready for prime time?

The Cybersecurity Act of 2015, passed by Congress in December as part of the 2016 omnibus spending package, establishes a voluntary framework for the government and private sector to exchange information on cyber threats without facing legal liability.

To ease private sector access to information on the government side, DHS created a web portal for information sharing as well as initiatives such as the Enhanced Cybersecurity Services and the Automated Indicator Sharing programs.

Though many companies lag in terms of cyber defense, these DHS programs still have room for improvement before the private sector completely buys in.

According to executive director of the Chamber of Commerce's cybersecurity policy Michael Eggers, small businesses make up "the bulk of" CISA memberships.

However, some of those businesses are simply unaware of CISA, and others are confused by the "overwhelming number of initiatives," said Ola Sage, founder and CEO of the IT solutions company e-Management. "If at some point this information could be built into tools we already use, so that we don't have to go all to different places to get it, that would be a very welcome development."

Additionally, the businesses that do understand and want to be a part of these DHS programs may face bureaucratic red tape in meeting access requirements, and the cost barriers to access classified information offered by programs such as ECS are simply too expensive, said Sage.

"We do receive regular updates on threat information through the portal, which is very accessible," she continued. "However, much of the unclassified information is already widely available on the Internet, or is dated."

Some other hitches include technical problems with the DHS programs.

"There is no actual test system to use with DHS, so in their rush to produce the platform and make it live, they didn't have an extra system… where you can go test it out," said Soltra CEO Mark Clancy. "On the operational side, I think there are just some mechanical issues that need to get worked through in signing up."

As a start to help clarify the cultural hurdles, DHS released the CISA final guidance documents on June 15, and is providing and education and outreach campaign.

"One of the things we need to think about is continuing the education effort," said Eggers, who noted that outreach efforts will be traveling to Texas and Wisconsin in the next month. "We want to orient small businesses and companies of all sizes around a cybersecurity framework… I think of [CISA] as a written tool."

Despite early challenges, Sage emphasized that companies remain committed to collaborating with DHS on CISA, and Clancy said that real-world implementation requires some ironing out.

"It's too soon to make a definitive judgment," he said. "The law is only six months old, the program is only three months old. If we have this problem again in 12 months, then we're in a very different place.

About the Author

Chase Gunter is a staff writer covering civilian agencies, workforce issues, health IT, open data and innovation.

Prior to joining FCW, Gunter reported for the C-Ville Weekly in Charlottesville, Va., and served as a college sports beat writer for the South Boston (Va.) News and Record. He started at FCW as an editorial fellow before joining the team full-time as a reporter.

Gunter is a graduate of the University of Virginia, where his emphases were English, history and media studies.

Click here for previous articles by Gunter, or connect with him on Twitter: @WChaseGunter

Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.