Andy Ozment, assistant secretary for cybersecurity and communications at the Department of Homeland Security, said today that DHS has completed the necessary work to enable sharing of cybersecurity threat indicators between the government and private sector entities, and said it was time for the private sector to step up and sharing more threat data.
Speaking at a meeting of the federally-chartered Information Security and Privacy Advisory Board, Mr. Ozment recapped DHS efforts to create its Automated Indicator Sharing (AIS) portal, which responds to the requirements of the Cybersecurity Information Sharing Act of 2015 that became law in December 2015.
The AIS initiative, DHS has said, aims to enable the timely exchange of cyber threat indicators among the federal government, the private sector, and non-federal entities, by enabling DHS’s National Cybersecurity and Communications Integration Center (NCCIC) to receive indicators from the government and the private sector, remove unnecessary personally identifiable information, and then disseminate the indicators to other federal agencies and the private sector.
“We now have the system in place,” Mr. Ozment said today. “We have put the plumbing system in place . . . now we have to put in the pipes.”
DHS, he said, has worked out several issues related to how the indicators are shared, including cutting the amount of required data fields for submitted indicators, developing a system to flag indicators that may appear to be more interesting among the larger universe of indicators that are shared, and developing “reputational scores” for the more interesting indicators.
He said there are about a dozen private-sector parties that are now using the AIS portal, and that “we’ll grow it from there.”
As for growth in the private-sector user base, “there is a degree to which this is on the private sector,” Mr. Ozment said. “We need companies to sign up and not just receive indicators but share indicators,” he said. “We want companies to sign up.”
He added that many small and medium-sized businesses will end up receiving threat data from the AIS system through service providers that they engage for that purpose. Larger companies, however, “want to get closer to the data,” he said. – John Curran, firstname.lastname@example.org