Sharing information to prevent cyber attacks wasn’t part of the original mission of the Homeland Security Department, which focused primarily on terrorism and natural disasters like hurricanes. But protecting critical infrastructure was, and as the threat has grown, the department’s mission has expanded to meet it.
DHS’ Automated Information Sharing program is going well, according to Jeanette Manfra, Assistant Secretary of Cybersecurity and Communications in National Protection and Programs Directorate at DHS. She said the program now has more than 200 entities — companies, or information-sharing entities representing multiple businesses — signed up to receive the information DHS shares to help prevent cyber attacks.
And that information is flowing in abundance. Manfra said DHS shares around 45,000 indicators every month through the automated program with both federal and non-federal partners.
“What we’d like to see more of is continuing to push on how do we provide additional context, and what I mean in this case is technical context, where companies can build their receiving system so that they’re automating the action that they’re taking,” Manfra said on DHS 15th Anniversary.
But it’s taken time to get to the elevated levels of trust that DHS enjoys now. The department had to prove the value of the program to attract so many partners.
“We’ve really done a lot of work to understand what is it that’s valuable to industry and to our federal partners? What do they need from us, from a network defense?” Manfra said.
She said that by striving to provide not just raw information, but also timeliness and context to that information, the department has helped to stymie a number of potential threats. She said feedback from partners has indicated that DHS’ information sharing program alerted them to threats they hadn’t been aware of, and allowed them to take steps to put preventative measures in place.
But it’s difficult to place a precise number on what never happened.
“We do believe that we have disrupted some potential significant events. Now it’s always hard to prove a negative, if you will,” Manfra said.
DHS is also looking at applying the principle of automated information sharing to its trusted internet connections, which are part of an initiative to better control the ways in which federal agencies connect to the internet, and make them more secure.
“We have been working on TIC modernization for a fair amount of time, but what we did as a part of the president’s recent cyber executive order and the IT modernization efforts being run out of the American Technology Council is we really see this as a great opportunity to take the initiative that the government is undergoing to modernize our IT, but to also look at it as an opportunity to modernize how we think about security,” Manfra said.
This is part of the department’s preparations of what it calls TIC 3.0. DHS is attempting to address some of the most common agency challenges to using trusted internet connections, including manual reporting.
“We believe we can use the continuous diagnostics and mitigation program to automate the reporting,” Manfra said.
DHS is also looking at tying TIC capabilities to the NIST Cybersecurity Risk Management Framework and improving cloud visibility.
“Lets not retrofit the legacy TIC into the cloud. Lets create a TIC 3.0 that allows us to embrace the way that existing and emerging technologies maintains this visibility but allows us to keep pace,” Manfra said.
DHS will be launching pilots centered around TIC throughout 2018, Manfra said, and agencies should submit proposals to the Office of Management and Budget to be included.
“Lets really rethink the concepts of what we were trying to achieve with TIC, and how do we migrate those concepts into a new environment?” She said.