DHS Courts Private Sector For Threat Intelligence-Sharing

  /     /     /  
Publicated : 22/11/2024   Category : security


DHS Courts Private Sector For Threat Intelligence-Sharing


Homeland Security NCCIC now STIX- and TAXII-enabled for automated machine-to-machine sharing of intel, agency officials told attendees at the RSA Conference.



RSA CONFERENCE -- San Francisco -- The US Department of Homeland Security doesnt want to cannibalize existing cyberthreat-intelligence services and operations, but rather work with and help them thrive, DHS undersecretary for cybersecurity and communications Phyllis Schneck said here yesterday.
Schneck, who works with the National Protection and Programs Directorate of the DHS, in a presentation here, outlined how the DHS National Cybersecurity and Communications Integration Center (NCCIC) will operate as a central repository for threat intel-sharing under the new Executive Order encouraging more sharing of intelligence in the federal government, and between the feds and private industry.
Meanwhile, Congress this week inched closer to delivering cyber security legislation that encourages private industry threat intel-sharing: the US House of Representatives passed two bills in the past two days on cyberthreat-sharing, the Protecting Cyber Networks Act, and the National Cybersecurity Protection Advancement Act, which also provide liability protections to companies and organizations in the private sector that swap threat data with the feds. The Senate is expected to vote on similar legislation next month.  
DHS is on the lookout for security talent as well. DHS Secretary Jeh C. Johnson announced in a keynote here that the agency will open a satellite office in Silicon Valley to tap the technology talent in the region and strengthen ties to the security industry. (Federal law enforcement also was recruiting here: At the FBI booth on the conference show floor, officials were distributing information about cybersecurity job opportunities in the agencys cyber division.)
Schneck said the DHS wants to build trust with the private sector, and leveraging the private sectors talents and views into the threatscape provides the best defense against cyber attackers, she said. But she acknowledged that earning the trust of the business world is no easy feat for the government these days. This is the hardest time ever for most companies to share with the US government, especially those who have [operations] overseas as well, she said.
DHS NCCIC officially serves as the central portal for threat intel-sharing. DHS Secretary Johnson announced the that the NCCIC now can deliver and automate threat indicators in machine-readable format.
Today we are sharing indicators with an initial set of companies and are in the process of adding others. Later this year, we will be in a position to begin to accept cyber threat indicators from the private sector in automated near real-time format, he said. We have set up the NCCIC as your primary pathway to provide cyber threat indicators to the U.S. government. Yes, the government is trying to make it easy for you. 
[How some intelligence-sharing organizations operate in the face of todays threat landscape. Read
ISACs Demystified
.]
Schneck noted that DHS is mindful of privacy issues of participants. The NCCIC is the core of where the cyber raw materials are, not private information. We work closely with privacy experts … which is why we collect enough data to protect and still do it right.
But to truly provide this full picture of the threats, government and the private sector need to share and pool their intelligence data. The more tools we can put in there, the better awareness we get. We can then use those indicators and push them out, block [threats] and make more educated decisions on what to block and where, she said.
We cannot do this by ourselves, she said. You are our customers and also our providers of intelligence, she said.
The NCCIC now offers machine-to-machine transmission of intel, via the STIX format language protocol and the TAXII delivery protocol. One way to make it harder on the bad guys is having this level of timely situational awareness, according to Schneck.
Were not just sending a pretty PDF. Were going from PDF-to-person [delivery] to machine-to-machine, she said.
The NCCIC will also provide a barometer and thermometer of the threat weather, not just flashing lights, she said. I want to make sure … everyone has access to what the government can bring, even small organizations, which she noted also provide valuable data about adversaries their systems are facing.
ISACs and the new ISAOs will provide aggregated indicators that NCCIC can correlate with its partners to build a bigger picture of the threats. 

Last News

▸ Scan suggests Heartbleed patches may not have been successful. ◂
Discovered: 23/12/2024
Category: security

▸ IoT Devices on Average Have 25 Vulnerabilities ◂
Discovered: 23/12/2024
Category: security

▸ DHS-funded SWAMP scans code for bugs. ◂
Discovered: 23/12/2024
Category: security


Cyber Security Categories
Google Dorks Database
Exploits Vulnerability
Exploit Shellcodes

CVE List
Tools/Apps
News/Aarticles

Phishing Database
Deepfake Detection
Trends/Statistics & Live Infos



Tags:
DHS Courts Private Sector For Threat Intelligence-Sharing