The Department of Homeland Security (DHS) is sharing information about cyber threats with its federal partners, state and local agencies and the private sector through a wide range of channels but the effectiveness of the sharing needs to be improved, the department’s Inspector General says in a report released yesterday.
The report says that “more sharing and coordination efforts are needed to address cyber threats in a timely and synchronized manner.” For example, it says some agencies have very little access to classified cyber threat information and that DHS itself “has limited control over the classified cyber threat and tear line information it receives.”
A problem for DHS is that because it is not the “originator” of a lot of the classified information, it is prohibited from providing specifics to other agencies, says the report. “As a result, many DHS partners and customers are not receiving the cyber threat information needed to take proper action.”
The problem for some federal agencies is that they don’t have certain systems that are used for transmitting secret and top secret information, and their senior information technology officials lack the proper security clearances, says a redacted version of the report, Review of the Department of Homeland Security’s Capability to Share Cyber Threat Information (OIG-11-117).
Officials from the agencies that the IG interviewed who receive cyber threat information from DHS all said that the sharing was effective but that their concerns had to do with access to the classified threat information.
These officials also said that the inability to obtain sufficient funding from their leadership was the “main obstacle” to getting access to the classified cyber information because “they believed the cost outweighs the benefits,” the report says. One official told the IG that it is hard to make the case to get the funding because DHS doesn’t provide threat information “tailored to the agency’s specific needs, which would have greatly increased their value.”
As for the private sector, most representatives interviewed by the IG say that DHS has improved its information sharing and coordination efforts the past few years, but that concerns regarding collaboration, timeliness and quality remain.
“As a result, private sector companies often use their own tools to share, analyze and exchange cyber threat information within their sectors, rather than collaborating with DHS,” the IG says.
The IG recommends that the DHS Intelligence and Analysis office work with the Director of National Intelligence on a policy the enables DHS to release and share cyber threat information with the intelligence community, other federal agencies and the private sector.
Recommendations from the private sector include DHS getting them cyber threat information sooner “to allow for prompt response and mitigation,” getting threat products customized to their industry sector, which saves time in having to determine whether the “products pertain to their sector,” providing industry with “actionable recommendations” to mitigate threats or incidents, and provide guidance on how classified and sensitive threat information can be shared within global companies, the report says.