DHS is busy sharing threat info with the private sector
The National Cybersecurity and Communications Integration Center has deployed automated information sharing of cyber threats with the private sector, and is fielding "red teams" to help agencies protect their networks from APTs.
The Automated Indicator Sharing system, which facilitates machine-to-machine sharing of cyber threat indicators between the federal government and the private sector, is busy.
John Felker, director of the National Cybersecurity and Communications Integration Center, said that AIS was certified to operate on March 17, and already is pushing out between 100 and 150 cybersecurity threat indicators to private industry per day.
So far, the private sector isn't returning the favor.
AIS offers private firms a resource they can build on to bolster their own cybersecurity protections, and to help the federal government by returning their own threat indicators through the system, he said. But very little information has been sent back from private industry to the Department of Homeland Security, Felker said at an April 19 AFFIRM event in Washington, D.C.
Felker says that current levels of industry participation are not surprising, since private firms tend to be cautious and may be taking a "let's see what happens" approach to AIS.
The key to getting companies to participate more fully, he said, is to insure the threat information being sent out is high quality.
"We're learning how to push quality" indicators, Felker said. NCCIC is working on an AIS scoring system that uses a database to score indicators on a one-to-10 scale, with 10 being most critical. The rating system, he said, isn't completely automatic, however.
"We haven't figured out how to take a human out of the loop" because of privacy concerns, Felker said. Companies submitting information can limit the use of their threat reports by indicating they contain sensitive information. Machines that rate the indicators can't make that judgement, so the agency isn't pushing out privacy protected indicators.
Testing APT readiness
On the federal network side, DHS' National Cybersecurity Assessments & Technical Services Offensive Security Assessment "red team" service is currently under trial at three federal agencies, he said. The service, which mimics the stealthy advanced persistent threat groups, offers agencies a change to test their cyber defense skills against threats like the attacks that infiltrated Office of Personnel Management databases in 2015.
In a March 23 presentation to the Information Security and Privacy Advisory Board in Washington, NCCIC officials said they had launched a 90-day trial of the Offensive Security Assessment service with a large federal agency at the beginning of March.
Felker offered an update April 19, saying that three agencies are involved in 90-day trials of the services. "One small, one medium and one large," agency, he said, declining to name the agencies. The trial periods, would be adjusted according to need, he said, and to extend training for both NCCIC and customer-agency personnel to hone their cyber skills.