DHS looks to upgrade flagging info sharing program


A senior Department of Homeland Security official said a flagging cybersecurity information sharing program will be getting a facelift to improve quality and facilitate more complex defensive actions.

The Automated Indicator Sharing program, which facilitates the sharing of threat indicators between the federal government and private sector, was originally envisioned as a crucial tool to achieve broader visibility around malicious cyber activity and more quickly respond to emerging threats. However, the program has never gained the level of traction with private sector groups that policymakers in Congress and at DHS originally hoped for. In particular, while many companies are happy to receive information from DHS, only a handful were actually sharing information back with the government as of last year, per reporting from Nextgov.

Jeanette Manfra, the assistant director for cybersecurity and communications at the Cybersecurity and Infrastructure Security Agency at DHS, said her agency has been able to make significant progress in recent years to increase collaboration with companies and other federal agencies through more analog means -- such as conversation and relationship building. However, when it comes to automated programs like AIS, it's "going to take a lot more work to build trust into the system," she said.

"When we start talking about automation, you really have to get into the weeds with your partner and have honest conversations," Manfra said at a Sept. 5 Intelligence National Security Alliance event in Washington, D.C. "I don't need you to just automate the ingest, I need you to automate the actual actions and I need it to start to spread to as many people as possible so that we're all blocking whatever it is that one person put in there."

Sharing information was supposed to be just the first link in the AIS chain -- something that would facilitate broader automated actions to identify and close off certain vulnerabilities before they started to get exploited by bad actors at scale. Getting to that stage turned out to be far more complicated than program creators realized.

"Everybody sort of went into it with this [idea that] we have to do things at machine speed, cyber speed, super-fast and real time, and if we just find a way to automate indicators we'll get rid of all this noise that everybody has to deal with and focus on the really hard problems," Manfra said. "But if you think about it, if I'm delivering a feed…to hundreds of organizations, the amount of trust that organization has to have in my feed to automate not just the ingest but the actual blocking action – that's a lot of trust."

One of the other enduring complaints from companies has been that the data they receive from AIS is incomplete, lacking critical context or otherwise of limited use. In an interview following her appearance, Manfra told FCW that after hearing feedback from participants, CISA is looking to revamp the program in the future to address some of those concerns.

"I think what we’re going to do is we will probably start differentiating more feeds, so it's not going to be a one size fits all," she said. "It was originally intended to not have much human [presence] in the loop…but garbage-in garbage-out is always a risk there. So there will probably be less quantity and higher confidence and higher quality, because that's most of the feedback we've gotten. [We've heard] 'if it's coming from the government, we're happy to trust it but we want to know that this is no kidding the most important stuff.'"

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

