Cybersecurity

How to fix information sharing, according to industry

Shutterstock image: open lock. 

Secret cyber threat data and a clunky clearance process are barriers to bidirectional information sharing, industry representatives told the House Homeland Security Committee's Cybersecurity and Infrastructure subcommittee on Nov. 16.

"Over-classification of entire reports continues to be an issue across the board in the intelligence community in all kinds of different contexts," said Ann Barron-DiCamillo, former head of US-CERT at the Department of Homeland Security and vice president for cyber intelligence and incident response at American Express.

Barron-DiCamillo also explained that American Express, as well as other critical infrastructure partners, is discouraged from directly participating in DHS' cyber information sharing and collaboration or its automated indicator sharing program because of the clearance process.

"You have to go through the DOD private industry clearance process, and when you have a CRADA [cooperative research and development] agreement with DHS you are forced through the facility clearance process versus the DOD clearance process for individuals," which she said inhibits companies from adding additional cleared personnel.

And when it comes to industry access to classified information, part of the solution is being able to scour public data sources to see what's already been compromised as well as government being more judicious about what's labeled classified.

"If it's already out there in the public domain, then why is it still classified?" Patricia Cagliostro, Anomali's federal solutions architect manager, asked during the hearing. "The association to an actor, how we discovered [the threat indicator], may be sensitive but the indicator itself shouldn't be.… One of the big first steps should be aggregating the publicly available information so that we can more effectively and quickly declassify tools."

The second piece, she said, is automating the process rather than having human operators "download files once a day and copy them over."

Thomas Gann, McAfee's chief public policy officer, told FCW after testifying in a separate hearing on cyber threat information sharing and small businesses that the declassification problem could be lessened on the front end.

"Too often the government over classifies cyber threat data, which leads to the challenge of declassifying it when it is useful to the private sector," Gann said. And once it's classified, it's hard to undo it because "each part of the government has its own declassification processes."

Agencies should "be very judicious on the front end" and only classify information in situations where true intelligence capabilities were used, he said.

But there is hope that public-private information sharing will improve.

Robert Knake, a senior fellow for the Council on Foreign Relations who also testified Wednesday, said, "We have made tremendous progress on this issue over the last five years, in particular," pointing to the Cybersecurity Information Sharing Act passed in 2015, which included liability protections, as playing an integral part.

However, to get sharing where it needs to be, the government will have to provide more contextual details of cyber threats to industry.

Barron-DiCamillo said industry would appreciate if the government would let operators "share playbook-type details, that kind of context that's going to be specific to how I would implement these indicators in my environment, which is more than an IP address or URL…. It's just not available in the current information-sharing systems."

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Featured

  • Contracting
    8 prototypes of the border walls as tweeted by CBP San Diego

    DHS contractors face protests – on the streets

    Tech companies are facing protests internally from workers and externally from activists about doing for government amid controversial policies like "zero tolerance" for illegal immigration.

  • Workforce
    By Mark Van Scyoc Royalty-free stock photo ID: 285175268

    At OPM, Weichert pushes direct hire, pay agent changes

    Margaret Weichert, now acting director of the Office of Personnel Management, is clearing agencies to make direct hires in IT, cyber and other tech fields and is changing pay for specialized occupations.

  • Cloud
    Shutterstock ID ID: 222190471 By wk1003mike

    IBM protests JEDI cloud deal

    As the deadline to submit bids on the Pentagon's $10 billion, 10-year warfighter cloud deal draws near, IBM announced a legal protest.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.