FBI seeks cyber threat info-sharing platform
- By Mark Pomerleau
- May 13, 2015
The FBI is looking to bolster its cybersecurity intelligence gathering, monitoring and sharing abilities. A recent sources sought notice for the FBI’s National Cyber Investigative Joint Task Force calls for a Threat Intelligence Platform (TIP) that aggregates data from public and private sources, automatically extracts observables and enriches the extracted data with third-party datasets such as geolocation systems or IP address information.
In order to foster information sharing, the TIP should be a collaborative platform capable of ingesting and exporting data collected to trusted partners using the Structured Threat Information eXpression (STIX) format. Additionally, the new platform should have a search function and filter capability as well as a robust application programming interface.
The FBI requested that the TIP allow analysts to easily visualize tabular data to identify connections that cannot be otherwise identified. Automatic alerts should notify users of new information posted to preselected intrusion sets, and automatic dataset queries should help analysts quickly identify relationships.
The platform should also support large-scale incident response by giving users the ability to identify information and intelligence related to a particular incident, either through tagging or by establishing an incident.
The solicitation also outlines future enhancements for a TIP system, which should include flexible reporting to allow for queries and filters based on available data and the flexibility to enrich data with current data stores.
Responses are due May 22.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.