DHS Can Improve Cyber Threat Information Sharing
6 Nov 2017
In a newly released report, the Department of Homeland Security (DHS) Office of Inspector General (OIG) found that while DHS has established a process for sharing cyber threat information between the Federal government and the private sector, improvements are still needed.
DHS has developed the capability to share cyber threat information and defensive measures among Federal, state, local, tribal, and territorial governments; the private sector; information sharing analysis centers and organizations; and foreign government companies. DHS has also properly classified cyber threat indicators and defensive measures and accounted for the security clearances of private sector recipients who receive such information.
Despite this progress, DHS still faces challenges to effectively share cyber threat information across Federal and private sector entities. DHS’ system is focused on volume, velocity, and timeliness of information but does not provide the quality, contextual data needed to effectively defend against ever-evolving threats. Because the system is automated with pre-determined data fields, it may not always provide adequate information regarding specific incidents, tactics, techniques, and procedures that unauthorized users used to exploit software vulnerabilities. Given these limitations, Federal and private sector partners sometimes rely on other systems or participate in other DHS information sharing programs to obtain quality cyber threat data. Moreover, the unclassified and classified databases and repositories are not integrated, restricting analysts’ ability to compile complete situational awareness of potential threats.
Finally, DHS should also enhance its outreach to increase participation and improve information sharing. We made five recommendations for the National Protection Programs Directorate to improve its information sharing capability. “DHS needs to ensure that cyber threat information sharing between federal and private partners is effective,” said Inspector General John Roth. “The improvements we are recommending today should increase participation and enhance DHS’ ability to analyze, coordinate, and share cyber threat information.”