Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/23/2015
08:30 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

DHS Courts Private Sector For Threat Intelligence-Sharing

Homeland Security NCCIC now STIX- and TAXII-enabled for automated machine-to-machine sharing of intel, agency officials told attendees at the RSA Conference.

RSA CONFERENCE -- San Francisco -- The US Department of Homeland Security doesn't want to "cannibalize" existing cyberthreat-intelligence services and operations, but rather work with and help them thrive, DHS undersecretary for cybersecurity and communications Phyllis Schneck said here yesterday.

Schneck, who works with the National Protection and Programs Directorate of the DHS, in a presentation here, outlined how the DHS National Cybersecurity and Communications Integration Center (NCCIC) will operate as a central repository for threat intel-sharing under the new Executive Order encouraging more sharing of intelligence in the federal government, and between the feds and private industry.

Meanwhile, Congress this week inched closer to delivering cyber security legislation that encourages private industry threat intel-sharing: the US House of Representatives passed two bills in the past two days on cyberthreat-sharing, the Protecting Cyber Networks Act, and the National Cybersecurity Protection Advancement Act, which also provide liability protections to companies and organizations in the private sector that swap threat data with the feds. The Senate is expected to vote on similar legislation next month.  

DHS is on the lookout for security talent as well. DHS Secretary Jeh C. Johnson announced in a keynote here that the agency will open a satellite office in Silicon Valley to tap the technology talent in the region and strengthen ties to the security industry. (Federal law enforcement also was recruiting here: At the FBI booth on the conference show floor, officials were distributing information about cybersecurity job opportunities in the agency's cyber division.)

Schneck said the DHS wants to build trust with the private sector, and leveraging the private sector's talents and views into the threatscape provides the best defense against cyber attackers, she said. But she acknowledged that earning the trust of the business world is no easy feat for the government these days. "This is the hardest time ever for most companies to share with the US government, especially those who have [operations] overseas" as well, she said.

DHS NCCIC officially serves as the central portal for threat intel-sharing. DHS Secretary Johnson announced the that the NCCIC now can deliver and automate threat indicators in machine-readable format.

"Today we are sharing indicators with an initial set of companies and are in the process of adding others. Later this year, we will be in a position to begin to accept cyber threat indicators from the private sector in automated near real-time format," he said. "We have set up the NCCIC as your primary pathway to provide cyber threat indicators to the U.S. government. Yes, the government is trying to make it easy for you." 

[How some intelligence-sharing organizations operate in the face of today's threat landscape. Read ISACs Demystified.]

Schneck noted that DHS is mindful of privacy issues of participants. "The NCCIC is the core of where the cyber raw materials are, not private information. We work closely with privacy experts … which is why we collect enough data to protect and still do it right."

But to truly provide this full picture of the threats, government and the private sector need to share and pool their intelligence data. "The more tools we can put in there, the better awareness we get. We can then use those indicators and push them out, block [threats] and make more educated decisions on what to block and where," she said.

"We cannot do this by ourselves," she said. "You are our customers and also our providers" of intelligence, she said.

The NCCIC now offers machine-to-machine transmission of intel, via the STIX format language protocol and the TAXII delivery protocol. One way to make it harder on the bad guys is having this level of timely situational awareness, according to Schneck.

"We're not just sending a pretty PDF. We're going from PDF-to-person [delivery] to machine-to-machine," she said.

The NCCIC will also provide a barometer and thermometer of the threat "weather," not just flashing lights, she said. "I want to make sure … everyone has access to what the government can bring," even small organizations, which she noted also provide valuable data about adversaries their systems are facing.

ISACs and the new ISAOs will provide aggregated indicators that NCCIC can correlate with its partners to build a bigger picture of the threats. 

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
4/27/2015 | 12:55:33 PM
Tit for Tat
I'm curious what would be required for an individual or business to gain access to this database, and whether it will be a free model or if this get commercialized. 

Only if the information remains free and open, and the organization itself transparent, will this fully succeed. 

The reason I raise the question of commercialization is that DHS has been sorely underfunded, with something like ~20 DHS projects identified by Congressional investigators as likely to fail or have poor outcomes.

If I recall correctly, a recent report from the Government Accountability Office documented DHS as planning to invest $10+ billion in acquisition programs.  With what money?

Look, if the Snowden effect means a little healthy distrust for Government, that's OK as long as the return on that is a more open Government willing to do tit-for-tat.  Let's see if this program is on the right track in two years and whether the database allows InfoSec as a whole in the US to make noticeable strides against cybercrime.

A good story and one we should all follow closely with great interest.
kbannan100
50%
50%
kbannan100,
User Rank: Moderator
4/24/2015 | 2:19:57 PM
Great news
This is truly great news for the entire security world. It will be interesting to see how it all plays out in the end, but it's certainly a good start. 

--KB
Karen J. Bannan, commenting on behalf of IDG and FireEye.
Data Leak Week: Billions of Sensitive Files Exposed Online
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/10/2019
Intel Issues Fix for 'Plundervolt' SGX Flaw
Kelly Jackson Higgins, Executive Editor at Dark Reading,  12/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
The Year in Security: 2019
This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-5252
PUBLISHED: 2019-12-14
There is an improper authentication vulnerability in Huawei smartphones (Y9, Honor 8X, Honor 9 Lite, Honor 9i, Y6 Pro). The applock does not perform a sufficient authentication in a rare condition. Successful exploit could allow the attacker to use the application locked by applock in an instant.
CVE-2019-5235
PUBLISHED: 2019-12-14
Some Huawei smart phones have a null pointer dereference vulnerability. An attacker crafts specific packets and sends to the affected product to exploit this vulnerability. Successful exploitation may cause the affected phone to be abnormal.
CVE-2019-5264
PUBLISHED: 2019-12-13
There is an information disclosure vulnerability in certain Huawei smartphones (Mate 10;Mate 10 Pro;Honor V10;Changxiang 7S;P-smart;Changxiang 8 Plus;Y9 2018;Honor 9 Lite;Honor 9i;Mate 9). The software does not properly handle certain information of applications locked by applock in a rare condition...
CVE-2019-5277
PUBLISHED: 2019-12-13
Huawei CloudUSM-EUA V600R006C10;V600R019C00 have an information leak vulnerability. Due to improper configuration, the attacker may cause information leak by successful exploitation.
CVE-2019-5254
PUBLISHED: 2019-12-13
Certain Huawei products (AP2000;IPS Module;NGFW Module;NIP6300;NIP6600;NIP6800;S5700;SVN5600;SVN5800;SVN5800-C;SeMG9811;Secospace AntiDDoS8000;Secospace USG6300;Secospace USG6500;Secospace USG6600;USG6000V;eSpace U1981) have an out-of-bounds read vulnerability. An attacker who logs in to the board m...