Cybersecurity

How to fix information sharing, according to industry

Shutterstock image: open lock. 

Secret cyber threat data and a clunky clearance process are barriers to bidirectional information sharing, industry representatives told the House Homeland Security Committee's Cybersecurity and Infrastructure subcommittee on Nov. 16.

"Over-classification of entire reports continues to be an issue across the board in the intelligence community in all kinds of different contexts," said Ann Barron-DiCamillo, former head of US-CERT at the Department of Homeland Security and vice president for cyber intelligence and incident response at American Express.

Barron-DiCamillo also explained that American Express, as well as other critical infrastructure partners, is discouraged from directly participating in DHS' cyber information sharing and collaboration or its automated indicator sharing program because of the clearance process.

"You have to go through the DOD private industry clearance process, and when you have a CRADA [cooperative research and development] agreement with DHS you are forced through the facility clearance process versus the DOD clearance process for individuals," which she said inhibits companies from adding additional cleared personnel.

And when it comes to industry access to classified information, part of the solution is being able to scour public data sources to see what's already been compromised as well as government being more judicious about what's labeled classified.

"If it's already out there in the public domain, then why is it still classified?" Patricia Cagliostro, Anomali's federal solutions architect manager, asked during the hearing. "The association to an actor, how we discovered [the threat indicator], may be sensitive but the indicator itself shouldn't be.… One of the big first steps should be aggregating the publicly available information so that we can more effectively and quickly declassify tools."

The second piece, she said, is automating the process rather than having human operators "download files once a day and copy them over."

Thomas Gann, McAfee's chief public policy officer, told FCW after testifying in a separate hearing on cyber threat information sharing and small businesses that the declassification problem could be lessened on the front end.

"Too often the government over classifies cyber threat data, which leads to the challenge of declassifying it when it is useful to the private sector," Gann said. And once it's classified, it's hard to undo it because "each part of the government has its own declassification processes."

Agencies should "be very judicious on the front end" and only classify information in situations where true intelligence capabilities were used, he said.

But there is hope that public-private information sharing will improve.

Robert Knake, a senior fellow for the Council on Foreign Relations who also testified Wednesday, said, "We have made tremendous progress on this issue over the last five years, in particular," pointing to the Cybersecurity Information Sharing Act passed in 2015, which included liability protections, as playing an integral part.

However, to get sharing where it needs to be, the government will have to provide more contextual details of cyber threats to industry.

Barron-DiCamillo said industry would appreciate if the government would let operators "share playbook-type details, that kind of context that's going to be specific to how I would implement these indicators in my environment, which is more than an IP address or URL…. It's just not available in the current information-sharing systems."

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Featured

  • Cybersecurity

    DHS floats 'collective defense' model for cybersecurity

    Homeland Security Secretary Kirstjen Nielsen wants her department to have a more direct role in defending the private sector and critical infrastructure entities from cyberthreats.

  • Defense
    Defense Secretary James Mattis testifies at an April 12 hearing of the House Armed Services Committee.

    Mattis: Cloud deal not tailored for Amazon

    On Capitol Hill, Defense Secretary Jim Mattis sought to quell "rumors" that the Pentagon's planned single-award cloud acquisition was designed with Amazon Web Services in mind.

  • Census
    shutterstock image

    2020 Census to include citizenship question

    The Department of Commerce is breaking with recent practice and restoring a question about respondent citizenship last used in 1950, despite being urged not to by former Census directors and outside experts.

Stay Connected

FCW Update

Sign up for our newsletter.

I agree to this site's Privacy Policy.