Government , Industry Specific , Next-Generation Technologies & Secure Development
CISA Plans to Improve Threat Data-Sharing Approaches in 2024
US Cyber Agency to Begin 2-Year Major Overhaul of Its Legacy AIS ProgramThe Cybersecurity and Infrastructure Security Agency is planning an overhaul of its threat information sharing program in the coming year aimed at improving collaboration with the private sector and keeping pace with the evolving threat landscape.
See Also: Strengthen Cybersecurity with Zero Trust Principles
The U.S. cyber agency said it will launch a two-year transitionary effort to modernize its approach to enterprise cyberthreat information sharing. The resulting program will replace CISA's Automated Indicator Sharing program, which was created nearly a decade ago to widely exchange machine-readable cyberthreat data.
"When it was first established, AIS was a novel model that helped many organizations around the world," CISA Associate Director Michael Duffy said in a blog post published Monday. "But now, it's time for a change."
Duffy said the agency will refocus its efforts from ensuring strong privacy controls and filling a previously identified gap in cyberthreat intelligence to consolidating its customer-facing cyberthreat intelligence services under a new initiative called Threat Intelligence Enterprise Services. The agency will launch an accompanying TIES Exchange Platform to synchronize its information-sharing capabilities "under a single banner" for federal agencies and key stakeholders.
Duffy said CISA is largely aiming to streamline its threat data-sharing operations to provide more actionable threat data to its partners, focusing on human-centered design principles and creating a new program that can aid under-resourced organizations.
The announcement comes after the Department of Homeland Security Inspector General published a report last year urging CISA to improve its cyberthreat data-sharing capabilities and warning that the AIS program was not always providing adequate information to participants to identify and mitigate cyberthreats.
Michael Daniel, president and CEO of the cyberthreat information sharing nonprofit Cyber Threat Alliance, told Information Security Media Group that "revamping CISA's threat intelligence capabilities makes sense" since the AIS program, as it is currently structured, "does not send the government's most useful information to its recipients."
"If it builds the program properly, CISA can complement the intelligence available through open source and the private sector, adding tremendous value to the ecosystem," Daniel said, adding that CISA should "focus on making the intelligence highly actionable."
The agency plans to "rigorously learn" from challenges within the current AIS system while prioritizing privacy and confidentiality by design in its new program, according to Duffy. CISA's new approach to threat data-sharing will aim to enhance automated cyber defenses with improved sharing and context within the evolving threat landscape.
The Electricity Information Sharing and Analysis Center told ISMG it welcomes the move by CISA to streamline and modernize its cyberthreat data-sharing program, saying the effort will help enhance the cybersecurity posture across critical infrastructure sectors.
The new program "will further enhance timely information sharing, collaboration and coordination, all of which are fundamental to a strong security posture and securing the grid and other sectors against cyberthreats," Manny Cancel, CEO of E-ISAC and senior vice president of the nonprofit North American Electric Reliability Corp., told ISMG.