DHS stands up public-private cyber info sharing platform

DHS stands up public-private cyber info sharing platform

The Department of Homeland Security has officially turned on its “See Something, Say Something” tool, which lets the government and private sector exchange cybersecurity threat information at machine speed, allowing program participants to mitigate cyber threats in near-real-time.

At the official announcement, DHS Secretary Jeh Johnson called Automated Indicator Sharing the centerpiece of efforts at the National Cybersecurity and Communications Integration Center, a situational awareness operation that works with both public and private sector partners to “build awareness of vulnerabilities, incidents and mitigations."

AIS will connect participating organizations to allow bidirectional sharing of cyber threat indicators, as well as the sharing of threat indicators partners have observed in their own networks.  The system is designed to work via machine-to-machine connections that share threat information in a common format over a common platform. The DHS Structured Threat Information eXchange, dubbed STIX, is the venue for conveying threat information on a machine-to-machine basis. The common platform is TAXII (for Trusted Automated eXchange of Indicator Information) to which participants connect to share threat information.

The new resource will be available to critical infrastructure providers; state, local, tribal and territorial governments; federal agencies; information sharing and analysis centers; and select foreign partners.  Cyber and industrial control systems users can subscribe to information products, feeds and services at no cost.

Building out the partner network will take time, however. “This is going to be a gradual process,” DHS Assistant Secretary for Cybersecurity and Communications Andy Ozment told the Wall Street Journal. “It’s not our intent on Day One to serve every company in the nation.”

“This system will serve as the ‘See Something, Say Something’ of the Internet,” DHS officials said, noting that all members will see when a threat is flagged by a single participant, which will strengthen cyber threat management.  

The information sharing concept was a cornerstone of the Cybersecurity Information Sharing Act, signed at the end of last year.  The legislation directed the department to meet certain information sharing standards, including the launch of AIS.

About the Author

Mark Pomerleau is a former editorial fellow with GCN and Defense Systems.


  • Records management: Look beyond the NARA mandates

    Pandemic tests electronic records management

    Between the rush enable more virtual collaboration, stalled digitization of archived records and managing records that reside in datasets, records management executives are sorting through new challenges.

  • boy learning at home (Travelpixs/Shutterstock.com)

    Tucson’s community wireless bridges the digital divide

    The city built cell sites at government-owned facilities such as fire departments and libraries that were already connected to Tucson’s existing fiber backbone.

Stay Connected