Cybersecurity

DHS looks to upgrade flagging info sharing program

critical infrastructure security (Ravil Sayfullin/Shutterstock.com) 

Optional caption goes here. Optional caption goes here. Optional caption goes here. Optional caption goes here.

A senior Department of Homeland Security official said a flagging cybersecurity information sharing program will be getting a facelift to improve quality and facilitate more complex defensive actions.

The Automated Indicator Sharing program, which facilitates the sharing of threat indicators between the federal government and private sector, was originally envisioned as a crucial tool to achieve broader visibility around malicious cyber activity and more quickly respond to emerging threats. However, the program has never gained the level of traction with private sector groups that policymakers in Congress and at DHS originally hoped for. In particular, while many companies are happy to receive information from DHS, only a handful were actually sharing information back with the government as of last year, per reporting from Nextgov.

Jeanette Manfra, the assistant director for cybersecurity and communications at the Cybersecurity and Infrastructure Security Agency at DHS, said her agency has been able to make significant progress in recent years to increase collaboration with companies and other federal agencies through more analog means -- such as conversation and relationship building. However, when it comes to automated programs like AIS, it's "going to take a lot more work to build trust into the system," she said.

"When we start talking about automation, you really have to get into the weeds with your partner and have honest conversations," Manfra said at a Sept. 5 Intelligence National Security Alliance event in Washington D.C. "I don't need to you to just automate the ingest, I need you to automate the actual actions and I need it to start to spread to as many people as possible so that we're all blocking whatever it is that one person put in there."

Sharing information was supposed to be just the first link in the AIS chain -- something that would facilitate broader automated actions to identify and close off certain vulnerabilities before they started to get exploited by bad actors at scale. Getting to that stage turned out to be far more complicated than program creators realized.

"Everybody sort of went into it with this [idea that] we have to do things at machine speed, cyber speed, super-fast and real time, and if we just find a way to automate indicators we'll get rid of all this noise that everybody has to deal with and focus on the really hard problems," Manfra said. "But if you think about it, if I'm delivering a feed…to hundreds of organizations, the amount of trust that organization has to have in my feed to automate not just the ingest but the actual blocking action – that's a lot of trust."

One of the other enduring complaints from companies has been that the data they receive from AIS is incomplete, lacking critical context or otherwise of limited use. In an interview following her appearance, Manfra told FCW that after hearing feedback from participants, CISA is looking to revamp the program in the future to address some of those concerns.

"I think what we’re going to do is we will probably start differentiating more feeds, so it's not going to be a one size fits all," she said. "It was originally intended to not have much human [presence] in the loop…but garbage-in garbage-out is always a risk there. So there will probably be less quantity and higher confidence and higher quality, because that's most of the feedback we've gotten. [We've heard] 'if it's coming from the government, we're happy to trust it but we want to know that this is no kidding the most important stuff.'"

About the Author

Derek B. Johnson is a senior staff writer at FCW, covering governmentwide IT policy, cybersecurity and a range of other federal technology issues.

Prior to joining FCW, Johnson was a freelance technology journalist. His work has appeared in The Washington Post, GoodCall News, Foreign Policy Journal, Washington Technology, Elevation DC, Connection Newspapers and The Maryland Gazette.

Johnson has a Bachelor's degree in journalism from Hofstra University and a Master's degree in public policy from George Mason University. He can be contacted at djohnson@fcw.com, or follow him on Twitter @derekdoestech.

Click here for previous articles by Johnson.


Featured

  • Defense
    The U.S. Army Corps of Engineers and the National Geospatial-Intelligence Agency (NGA) reveal concept renderings for the Next NGA West (N2W) campus from the design-build team McCarthy HITT winning proposal. The entirety of the campus is anticipated to be operational in 2025.

    How NGA is tackling interoperability challenges

    Mark Munsell, the National Geospatial-Intelligence Agency’s CTO, talks about talent shortages and how the agency is working to get more unclassified data.

  • Veterans Affairs
    Veterans Affairs CIO Jim Gfrerer speaks at an Oct. 10 FCW event (Photo credit: Troy K. Schneider)

    VA's pivot to agile

    With 10 months on the job, Veterans Affairs CIO Jim Gfrerer is pushing his organization toward a culture of constant delivery.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.