DHS stands up public-private cyber info sharing platform
- By Mark Pomerleau
- Mar 30, 2016
The Department of Homeland Security has officially turned on its “See Something, Say Something” tool, which lets the government and private sector exchange cybersecurity threat information at machine speed, allowing program participants to mitigate cyber threats in near-real-time.
At the official announcement, DHS Secretary Jeh Johnson called Automated Indicator Sharing the centerpiece of efforts at the National Cybersecurity and Communications Integration Center, a situational awareness operation that works with both public and private sector partners to “build awareness of vulnerabilities, incidents and mitigations.”
AIS will connect participating organizations to allow bidirectional sharing of cyber threat indicators, as well as the sharing of threat indicators partners have observed in their own networks. The system is designed to work via machine-to-machine connections that share threat information in a common format over a common platform. The common format is the DHS Structured Threat Information eXchange, dubbed STIX, which conveys threat information on a machine-to-machine basis. The common platform is TAXII (for Trusted Automated eXchange of Indicator Information), to which participants connect to share threat information.
The new resource will be available to critical infrastructure providers; state, local, tribal and territorial governments; federal agencies; information sharing and analysis centers; and select foreign partners. Cyber and industrial control systems users can subscribe to information products, feeds and services at no cost.
Building out the partner network will take time, however. “This is going to be a gradual process,” DHS Assistant Secretary for Cybersecurity and Communications Andy Ozment told the Wall Street Journal. “It’s not our intent on Day One to serve every company in the nation.”
“This system will serve as the ‘See Something, Say Something’ of the Internet,” DHS officials said, noting that all members will see when a threat is flagged by a single participant, which will strengthen cyber threat management.
The information sharing concept was a cornerstone of the Cybersecurity Information Sharing Act, signed at the end of last year. The legislation directed the department to meet certain information sharing standards, including the launch of AIS.
Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.