CERT boss: Classification shouldn't hinder info sharing

SAN FRANCISCO -- Some of the jewels of cyber threat information are buried in classified reporting, and Ann Barron-DiCamillo, head of the Department of Homeland Security’s Computer Emergency Readiness Team, is keen on disseminating that information to industry.

Barron-DiCamillo's team is working with intelligence agencies to provide "richer contextual data" on cyber threats to the private sector by stripping that data from classified reports, she told FCW in an April 22 interview.

DHS is moving to more rapidly and automatically share threat information with industry, but Barron-DiCamillo's comments are a reminder that the quality of the information can be significantly improved, too. Top-secret intelligence reports on cyber threats contain technical data that itself is not classified, the U.S. CERT boss said. "Separating those things out has been a huge focus, and it's really helping with the timeliness as well as richer content associated with what we're sharing."

Barron-DiCamillo spoke to FCW on the sidelines of the RSA conference in San Francisco, which has given federal IT officials a platform to preach public-private cooperation and an opportunity to learn about Silicon Valley's newest gadgets. "Cyber is moving so quickly, and the evolution of tools is moving so quickly, [we] want to make sure that we have those local relationships," she said.

The revelations of National Security Agency bulk-data collection by former contractor Edward Snowden have frayed the agency's relationship with Silicon Valley, but in Barron-DiCamillo’s eyes, U.S. CERT does not carry the same baggage in its private-sector outreach.

"Being just a computer network defender [and having] this very clean mission, I think has really allowed us to create a lot of relationships with industry," she said.

The Beltway has plenty of large firms and system integrators, but not some of the "boutique capabilities" found in Silicon Valley that "could fit into some of the gap areas that we’re struggling with," she said. For example, Barron-DiCamillo said she wants DHS to improve its automated information sharing capabilities to free up manpower for analysis.

Progress seems to be underway. Last week, the department "deployed the capability to automate publication of cyber threat indicators in a machine-readable format," DHS Secretary Jeh Johnson announced at the RSA conference.

Barron-DiCamillo, a former chief divisional engineer at the Defense Information Systems Agency, said she has met with a variety of companies on her trip to California, and on April 20 she participated in an all-day event with firms such as Microsoft and Mozilla that recapped the main cyber vulnerabilities of the last year, including the Heartbleed OpenSSL bug.

After software vendor Codenomicon discovered Heartbleed about a year ago, it took DHS several weeks to scan federal agency networks because of legal haggling. In an effort to greatly expedite the process, the Office of Management and Budget in October gave DHS enhanced authority to scan federal networks. With that enhanced authority and others, Barron-DiCamillo predicted DHS would be able to begin scanning networks within minutes or hours of discovering a future vulnerability similar to Heartbleed.