How to fix information sharing, according to industry


Secret cyber threat data and a clunky clearance process are barriers to bidirectional information sharing, industry representatives told the House Homeland Security Committee's Cybersecurity and Infrastructure subcommittee on Nov. 16.

"Over-classification of entire reports continues to be an issue across the board in the intelligence community in all kinds of different contexts," said Ann Barron-DiCamillo, former head of US-CERT at the Department of Homeland Security and vice president for cyber intelligence and incident response at American Express.

Barron-DiCamillo also explained that American Express, as well as other critical infrastructure partners, is discouraged from directly participating in DHS' cyber information sharing and collaboration or its automated indicator sharing program because of the clearance process.

"You have to go through the DOD private industry clearance process, and when you have a CRADA [cooperative research and development] agreement with DHS you are forced through the facility clearance process versus the DOD clearance process for individuals," which she said inhibits companies from adding additional cleared personnel.

When it comes to industry access to classified information, part of the solution is scouring public data sources to see what has already been compromised, along with government being more judicious about what it labels classified.

"If it's already out there in the public domain, then why is it still classified?" Patricia Cagliostro, Anomali's federal solutions architect manager, asked during the hearing. "The association to an actor, how we discovered [the threat indicator], may be sensitive but the indicator itself shouldn't be.… One of the big first steps should be aggregating the publicly available information so that we can more effectively and quickly declassify tools."

The second piece, she said, is automating the process rather than having human operators "download files once a day and copy them over."

Thomas Gann, McAfee's chief public policy officer, told FCW after testifying in a separate hearing on cyber threat information sharing and small businesses that the declassification problem could be lessened on the front end.

"Too often the government over-classifies cyber threat data, which leads to the challenge of declassifying it when it is useful to the private sector," Gann said. And once it's classified, it's hard to undo it because "each part of the government has its own declassification processes."

Agencies should "be very judicious on the front end" and only classify information in situations where true intelligence capabilities were used, he said.

But there is hope that public-private information sharing will improve.

Robert Knake, a senior fellow for the Council on Foreign Relations who also testified Wednesday, said, "We have made tremendous progress on this issue over the last five years, in particular," pointing to the Cybersecurity Information Sharing Act passed in 2015, which included liability protections, as playing an integral part.

However, to get sharing where it needs to be, the government will have to provide more contextual details of cyber threats to industry.

Barron-DiCamillo said industry would appreciate if the government would let operators "share playbook-type details, that kind of context that's going to be specific to how I would implement these indicators in my environment, which is more than an IP address or URL…. It's just not available in the current information-sharing systems."

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. Follow her on Twitter @lalaurenista.
