The Cybersecurity and Infrastructure Security Agency plans to have a national strategy in place to increase the quality of cyber threat information shared by all parties within the year.
“CISA will build its national cyber threat information sharing strategy in collaboration and coordination with its partners and stakeholders,” reads the agency’s response to a recent Department of Homeland Security Inspector General report on the issue. “This national strategy is projected to be completed during the fourth quarter of FY 2021. The estimated completion date is September 30, 2021.”
The IG found that while CISA had implemented the basic requirements of a 2015 information sharing law—critics at the time decried the Cybersecurity Information Sharing Act as being more about surveillance than security—it made “limited progress” on that front during 2017 and 2018. While there were a lot of participants willing to take relevant information, there were very few willing to give it, the report said, leading to poor overall quality of the data in CISA’s Automated Indicator Sharing system.
“The limited number of participants that share cyber threat information in AIS is the primary impediment to achieving better quality and more actionable information sharing,” the IG said. “Although CISA increased the number of AIS program participants (information consumers) by 142 percent between 2016 and 2018, this did not equate to an increase in the number of information producers.”
The report notes that only 2 of 188 AIS participants (1%) shared cyber indicators with CISA in 2017, and only 9 of 252 participants (3%) shared indicators in 2018. Nextgov reported that the private sector in particular, which is often privy to the most valu ..
Support the originator by clicking the read the rest link below.
