The Department of Homeland Security continues to share unique cyber threat indicators with the private sector and is working to improve the quality of that information but industry’s level of sharing cyber security threat signatures with the government continues to lag, a department official said on Thursday.
“What we’re not seeing and what we’d like to see more of is the private sector sharing back into the Automated Indicator Sharing (AIS) system so that we can then again, push those indicators out to the broad cyber network defense community so we can get what we know is bad off the networks,” said Rick Driggers, deputy assistant secretary for Cybersecurity & Communications at DHS.
The AIS system was activated by DHS in March 2016 and allows for real-time sharing of cyber threat indicators among the department and federal civilian agencies, international governments, and the private sector. In addition to federal agencies, there are currently 11 foreign governments and several hundred private sector entities hooked up to the AIS portal, Driggers said at a conference in Washington, D.C., sponsored by the cyber security firm FireEye [FEYE].
In the last two years, DHS has shared about 1.8 million unique cyber threat indicators that it has gathered from international partners, federal agencies, and the private sector, Driggers said. A department spokesman later told Defense Daily that DHS has now shared over 3 million unique indicators through the AIS.
Driggers noted that industry groups such as the Information Sharing and Analysis Centers and the Cyber Threat Alliance also share indicators through their networks.
In part, some companies haven’t shared cyber threat information through the AIS due to concerns about how the government will handle the data, even though Congress in 2015 approved, and then President Barack Obama signed, legislation giving industry limited liability protections to incentivize the sharing of cyber threat signatures. The private sector is also frustrated with the quality of the data it receives from DHS, complaining that the indicators lack context and aren’t always actionable.
Driggers said that DHS has been listening and will continue to.
“We’re making some changes to the automated indicator sharing system so that we’re providing more context around the indicators” and is also providing more information so that “you can understand the quality of the indicators as well,” Driggers said.
DHS wants the private sector to continue providing feedback so that the department can continue to improve the quality of the data it shares, he said.
Another area where DHS wants industry’s help is in automating cyber security in devices, Driggers said.
“The individuals and the companies and the government that are buying those type of devices are going to have to demand that happens,” Driggers said.
Driggers said his office has three priorities over the next few years. The first is building a cyber security workforce for the nation, saying there are 300,000 unfilled cyber security positions across the U.S. and cited a report saying that number will be 1 million worldwide come 2026.
The second priority to drive down “systemic and catastrophic” cyber security risks to owners and operators of critical infrastructure, he said. This includes understanding risks within supply chains, he said.
The final priority is “collective defense,” which involves getting “the entire nation engaged” in cyber defense, Driggers said. Collective defense comes down to better information sharing, including making greater use of the AIS, and changing the culture of security in the cyber domain, he said.