Cyber threat sharing is now a two-way street between industry, government

One of the more controversial laws passed last year just hit a major milestone. Companies are now officially sharing their cyber threat data with the government.

As of Sept. 12, the Department of Homeland Security’s Automated Indicator Sharing (AIS) capability became a two way exchange of information on malicious cyber acts.

The program comes from the Cybersecurity Information Sharing Act of 2015 (CISA), a law that spooked privacy rights groups and had broad support from the intelligence community.

“We went live in March [with AIS], so you can join right now and get a stream of indicators from the government and you can also submit indicators back to the government,” said Andy Ozment assistant secretary for cybersecurity and communications at DHS during a Sept. 13 speech at the Billington Cybersecurity Summit in Washington. “We have been sending indicators out for the past few months and we now have our first company sending indicators in.”

Advertisement

That company is Anomali, a cybersecurity company based in California.

“The great thing about this is the whole idea of this system is that essentially everybody functions as an early warning system. The moment anybody protects against a bad guy they share it through the system, it’s pumped back out and we’re all protected. It’s great that we have our first company sending information back to us, that’s Anomali, and they work with thousands of companies so they really reflect the input from thousands of companies from across the U.S. and the world,” Ozment told Federal News Radio after his speech.

The company is sending in a wide variety of cyber threat indicators, Ozment said. But, DHS isn’t exactly ready to take on the full array of data. DHS is building up what it can handle slowly so the department can keep an eye on what’s happening.

DHS is receiving data like IP addresses, domain names, hash values and other indicators of compromise, Todd Helfrich, vice president of federal at Anomali told Federal News Radio.

Companies and the government can put a known malicious IP address into a firewall to block attacks from it, for instance.

“At the end of the day our goal is to reduce the adversary dwell time in the networks… we are at 211 days now that an adversary is in a network before they are detected so taking an indicator and matching it within security architecture helps us defend against known adversary activities,” Helfrich said.

Ozment said DHS may have to tweak its system along the way to make sure the automation factor is working correctly along the way. That doesn’t mean there isn’t data that is being used to stop cyber attacks. AIS is still pushing out warnings even though it’s not at its full capability.

“We are adding companies [to AIS] a few at a time as we go and some of this is companies have to do work on their end. Our goal is to grow steadily at a deliberate pace throughout this. Even as we are growing we are hearing from companies throughout this and they are saying ‘Hey let’s tweak this, let’s improve that’ and so we want to grow steadily so we can make those tweaks at the same time and keep improving the service so that it really meets the customers’ needs,” Ozment said.

Helfrich said Anomali sees the data sharing as a public-private partnership. It helps Anomali’s customers by sharing indicators and provides value to DHS. It was driven by Anomali’s customer base.

Of course, not everyone is a fan of indicator sharing.

Opponents of the CISA say the authorities in it can be used as a vehicle for the government to collect more data on private citizens.

While companies are sharing information about cyber threats, a lot of that information also carries personal information on customers. Companies track where people go, what they buy and other data. Critics are skeptical that that information can be parsed from pure cyber threat data.

Senators such as Bernie Sanders (I-Vt.) and Ron Wyden (D-Ore.) have been outspoken critics of the bill.

Tech companies such as Apple and Dropbox also have come out against the bill.

“We don’t support the current CISA proposal,” Apple said in a statement to The Washington Post. “The trust of our customers means everything to us and we don’t believe security should come at the expense of their privacy.”

The Computer and Communications Industry Association, a membership organization for technology companies, opposes CISA.

“CISA’s prescribed mechanism for sharing of cyber threat information does not sufficiently protect users’ privacy or appropriately limit the permissible uses of information shared with the government.  In addition, the bill authorizes entities to employ network defense measures that might cause collateral harm to the systems of innocent third parties,” an Oct. 15 release from the organization states.