Industry is increasingly participating and sharing information with the Department of Homeland Security (DHS) as part of a cyber security information sharing program between the department and various industry sectors, a DHS official tells HSR.
Companies and Information Sharing and Analysis Centers (ISACs) continue to join and participate in the Cyber Security and Information Sharing Collaboration Program (CISCP) and are actively submitting information about cyber intrusions, says Jenny Manna, director of the Stakeholder Engagement and Cyber Infrastructure Resilience division within the National Protection and Programs Directorate, Office of Cybersecurity and Communications (CS&C). ISACs represent different industry sectors, such as finance, electricity, water and others, to serve as forums to collaborate on critical security threats.
DHS is developing metrics to better measure the success of its CISCP program, which became a program about a year ago following an 18-month pilot that included the Defense Department and the Financial Services ISAC. The CISCP program is modeled on the Defense Department’s cyber security information sharing program with the defense industrial base, called the DIB Cyber Security and Information Assurance Program.
While the metrics are still in review, the increasing percentage of CISCP participants that are “actively making submissions to us, because that is a measure of trust and a measure of value that they see,” shows that they value the program, Manna says. Industry is also actively making requests for additional information, which “again shows that somebody is looking at and using the information,” she says.
As of January 2012, the CISCP program had 35 agreements in place with various organizations and another 53 were in the negotiation process.
Manna also believes that companies and organizations trust DHS and each other in terms of a willingness to share information.
“We seen things from some of the participants that nobody has seen anywhere else because there’s different attack trends and different sectors,” Manna says. “We are absolutely finding information that we have not seen before as government that are things that are happening in industry, so it’s been very valuable, and we have also observed great value for the participants in them sharing with each other.”
In addition to receiving information from and providing it to industry, DHS also receives information from the Defense Department related to what they are seeing on their networks, Manna says.
The information that DHS provides the CISCP participants is through various Indicator Bulletins and Analysis Bulletins and also Priority Alerts. The information that is shared through the program is sensitive but unclassified. Manna says the information it receives, is made anonymous before it is shared back with the program participants.
The program also has analyst to analyst exchanges between the various participants, she says.
Currently the information products that DHS produces aren’t shared in real-time, which Manna says is difficult. Instead the department sends out its products at least weekly.
“One area we’re working on is improving the format of the information we share,” she says. “We want it to be machine readable. You want to increase that machine readability to make the process more automated but the reality of real-time information sharing is something that is well down the road, even government agency to government agency.”