Cybersecurity

How info sharing can get unstuck

network security (deepadesigns/Shutterstock.com) 

Information sharing is easier said than done. The Department of Homeland Security has set up a number of programs, such as Automated Indicator Sharing, designed to build a foundation for just such a partnership. Thus far AIS -- designed to facilitate machine-to-machine information sharing between government and industry -- has largely operated in only one direction, with officials acknowledging earlier this year that only half a dozen non-federal entities are sending threat information back to DHS.

A staffer for one cyber-minded Democratic member of Congress told FCW earlier this year that the lack of traction on two-way information sharing is concerning and could be cause for re-evaluating the structure and effectiveness of programs like AIS in the future.

The Department of Defense recently received a larger role protecting the homeland in the Trump administration's new cyber strategy . Deputy Assistant Secretary of Defense for Cyber Policy Ed Wilson pointed to election security as an example of where the DOD developed "unique arrangements" with DHS to share information and intelligence about particular threats that would then get passed down to officials at the state and local level.

Wilson said DOD is currently leveraging pilot projects and task forces to explore additional opportunities, and the department wants to engage with the defense industrial base in particular joint ventures to protect private-sector companies that make up much of U.S. critical infrastructure.

"We're looking at how can we share information in a more agile sense, how can help with sensors, especially on the smaller companies," Wilson said at a Nov. 13 cybersecurity event hosted by the Foundation for Defense of Democracies. "The larger corporations tend to do well; it's the second- and third-tier suppliers that are at the most risk and where we're seeing the most exfiltration [of data]."

The federal government has come a long way on the issue of information sharing in the past decade. John Carlin, former assistant attorney general for national security at the Department of Justice during the Obama administration, pointed to a dramatic shift in recent years regarding the willingness of federal agencies to share information on cyber threats.

In 2007, Carlin led the FBI's Computer Hacking and Intellectual Property program. Next door, another FBI squad focused on cyber intelligence threats. Despite their proximity, the two teams operated on opposite sides of a locked door and never spoke to each other.

"The whole time I was working those cases, I never knew what was happening on the other side of that door," said Carlin. "In fact, an agent would occasionally switch squads and then just disappear, never to be seen again. We didn't know what happened."

Later on in his career, Carlin went to work for then-FBI Director Robert Mueller and got a first-hand look at what was happening on the intelligence side, with countries like China using state-owned cyber tools to siphon billions of dollars from American companies and research universities.

Carlin said that government failed to apply the core lessons of 9/11 – appreciating the need to share information across the law enforcement-intelligence divide. Agencies also need to open up the spigot to other government partners and the private sector, he said. They must also break through the "classification by default" mindset that many intelligence officials have been trained to follow.

"When I talk to [the] private sector, understandably there's a lot of confusion that they're going to be...punished or [face] civil action if they go tell people about threats," Carlin said. "So the current cost-benefit analysis inside our own C-suites is often, 'Let's not tell someone about a threat.'"

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Comment
    Pilot Class. The author and Barbie Flowers are first row third and second from right, respectively.

    How VA is disrupting tech delivery

    A former Digital Service specialist at the Department of Veterans Affairs explains efforts to transition government from a legacy "project" approach to a more user-centered "product" method.

  • Cloud
    cloud migration

    DHS cloud push comes with complications

    A pressing data center closure schedule and an ensuing scramble to move applications means that some Homeland Security components might need more than one hop to get to the cloud.

  • Comment
    Blue Signage and logo of the U.S. Department of Veterans Affairs

    Doing digital differently at VA

    The Department of Veterans Affairs CIO explains why digital transformation is not optional.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.