Department of Homeland Security and Intelligence Community officials are working to tailor information sharing expectations with industry in the hopes of prioritizing data protection efforts to thwart future cyber threats.
Solidifying private sector partnerships to scale up sharing of data priorities and building threat intelligence confidence with internet service providers (ISPs) and cyber security industry are critical steps for the federal government, according to panelists at Tuesday’s Symantec [SYMC] government symposium.
“If we develop closer partnerships and information creation and sharing relationships with those entities, maybe we can start to stop things and see things before they actually get into asset systems that we’re most concerned about,” said Jeanette Manfra, assistant secretary of DHS’ National Protection and Programs Directorate, during her keynote address.
DHS needs improved data sharing to ensure it can best protect the critical infrastructure it oversees, according to Manfra.
The department hopes to find private sector partners interested in providing analytics and sensor data that can be turned into automated alerts when threats are detected in critical infrastructure systems.
“We’re looking for more and more companies to share their conflicts and their understanding that’s aligned with this understanding of critical infrastructure functions,” Manfra said. “When we talk about information sharing, we’re really trying to understand what are your critical functions…how can we the government understand what that is. Can we boil it down into indicators and can we automate as much as possible those alerts off of those indicators?”
Michael Daniel, who leads the threat sharing forum Cyber Threat Alliance for cyber security companies including Symantec, McAfee and Fortinet [FTNT], believes the federal government must first establish set priorities for information partnerships.
“We’ve been asking the wrong people to share the wrong information. We keep asking most businesses to consume and share threat intelligence like they’re Symantec, like they’re a big cyber security company,” Daniel said during his panel. “Not surprisingly, for most businesses it’s very hard to do that.”
A delineation should be made where cyber security companies and ISPs focus on providing specific threat information, and the rest of participating private sector partners share intelligence information on their relevant business operations.
Daniel pointed to Cyber Threat Alliance’s platform for its members to transfer data at speed and scale. He believes non-cyber specific industry should have their own platform to share information with the government, and receive data in a manner that is more easily processed.
“We have to make a shift in our mindset, change the way we’re going about doing intelligence sharing. Who are we asking to share, what and when? And move that in a direction where we bifurcate it and have the elements that can really focus and make the sharing relevant directly to the needs of businesses. That will make for a much more efficient, effective use of our information sharing,” Daniel said.
Intelligence Community officials are also pushing the need for specificity with sharing information to combat increasingly complex cyber threats.
Sue Gordon, deputy director for the Office of the Director of National Intelligence, urged industry members to not have reservations about sharing sensitive data regarding their operations.
Industry partners may be more tentative regarding the increased risk of handling critical data to the federal government, but IC officials are assuring proper protection of the information according to Gordon.
“[Industry] has much greater awareness of what’s going on inside your network. You have a really interesting collective fence catching a lot of activity that you’re seeing that we don’t,” Gordon said during her keynote address. “We know that the private sector has data that would be useful in combination with ours. The data industry has is incredibly more voluminous and is much more specific.”