Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

4/23/2015
08:30 PM
Connect Directly
Google+
Twitter
RSS
E-Mail
100%
0%

DHS Courts Private Sector For Threat Intelligence-Sharing

Homeland Security NCCIC now STIX- and TAXII-enabled for automated machine-to-machine sharing of intel, agency officials told attendees at the RSA Conference.

RSA CONFERENCE -- San Francisco -- The US Department of Homeland Security doesn't want to "cannibalize" existing cyberthreat-intelligence services and operations, but rather work with and help them thrive, DHS undersecretary for cybersecurity and communications Phyllis Schneck said here yesterday.

Schneck, who works with the National Protection and Programs Directorate of the DHS, in a presentation here, outlined how the DHS National Cybersecurity and Communications Integration Center (NCCIC) will operate as a central repository for threat intel-sharing under the new Executive Order encouraging more sharing of intelligence in the federal government, and between the feds and private industry.

Meanwhile, Congress this week inched closer to delivering cyber security legislation that encourages private industry threat intel-sharing: the US House of Representatives passed two bills in the past two days on cyberthreat-sharing, the Protecting Cyber Networks Act, and the National Cybersecurity Protection Advancement Act, which also provide liability protections to companies and organizations in the private sector that swap threat data with the feds. The Senate is expected to vote on similar legislation next month.  

DHS is on the lookout for security talent as well. DHS Secretary Jeh C. Johnson announced in a keynote here that the agency will open a satellite office in Silicon Valley to tap the technology talent in the region and strengthen ties to the security industry. (Federal law enforcement also was recruiting here: At the FBI booth on the conference show floor, officials were distributing information about cybersecurity job opportunities in the agency's cyber division.)

Schneck said the DHS wants to build trust with the private sector, and leveraging the private sector's talents and views into the threatscape provides the best defense against cyber attackers, she said. But she acknowledged that earning the trust of the business world is no easy feat for the government these days. "This is the hardest time ever for most companies to share with the US government, especially those who have [operations] overseas" as well, she said.

DHS NCCIC officially serves as the central portal for threat intel-sharing. DHS Secretary Johnson announced the that the NCCIC now can deliver and automate threat indicators in machine-readable format.

"Today we are sharing indicators with an initial set of companies and are in the process of adding others. Later this year, we will be in a position to begin to accept cyber threat indicators from the private sector in automated near real-time format," he said. "We have set up the NCCIC as your primary pathway to provide cyber threat indicators to the U.S. government. Yes, the government is trying to make it easy for you." 

[How some intelligence-sharing organizations operate in the face of today's threat landscape. Read ISACs Demystified.]

Schneck noted that DHS is mindful of privacy issues of participants. "The NCCIC is the core of where the cyber raw materials are, not private information. We work closely with privacy experts … which is why we collect enough data to protect and still do it right."

But to truly provide this full picture of the threats, government and the private sector need to share and pool their intelligence data. "The more tools we can put in there, the better awareness we get. We can then use those indicators and push them out, block [threats] and make more educated decisions on what to block and where," she said.

"We cannot do this by ourselves," she said. "You are our customers and also our providers" of intelligence, she said.

The NCCIC now offers machine-to-machine transmission of intel, via the STIX format language protocol and the TAXII delivery protocol. One way to make it harder on the bad guys is having this level of timely situational awareness, according to Schneck.

"We're not just sending a pretty PDF. We're going from PDF-to-person [delivery] to machine-to-machine," she said.

The NCCIC will also provide a barometer and thermometer of the threat "weather," not just flashing lights, she said. "I want to make sure … everyone has access to what the government can bring," even small organizations, which she noted also provide valuable data about adversaries their systems are facing.

ISACs and the new ISAOs will provide aggregated indicators that NCCIC can correlate with its partners to build a bigger picture of the threats. 

Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
RetiredUser
50%
50%
RetiredUser,
User Rank: Ninja
4/27/2015 | 12:55:33 PM
Tit for Tat
I'm curious what would be required for an individual or business to gain access to this database, and whether it will be a free model or if this get commercialized. 

Only if the information remains free and open, and the organization itself transparent, will this fully succeed. 

The reason I raise the question of commercialization is that DHS has been sorely underfunded, with something like ~20 DHS projects identified by Congressional investigators as likely to fail or have poor outcomes.

If I recall correctly, a recent report from the Government Accountability Office documented DHS as planning to invest $10+ billion in acquisition programs.  With what money?

Look, if the Snowden effect means a little healthy distrust for Government, that's OK as long as the return on that is a more open Government willing to do tit-for-tat.  Let's see if this program is on the right track in two years and whether the database allows InfoSec as a whole in the US to make noticeable strides against cybercrime.

A good story and one we should all follow closely with great interest.
kbannan100
50%
50%
kbannan100,
User Rank: Moderator
4/24/2015 | 2:19:57 PM
Great news
This is truly great news for the entire security world. It will be interesting to see how it all plays out in the end, but it's certainly a good start. 

--KB
Karen J. Bannan, commenting on behalf of IDG and FireEye.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 9/25/2020
Hacking Yourself: Marie Moe and Pacemaker Security
Gary McGraw Ph.D., Co-founder Berryville Institute of Machine Learning,  9/21/2020
Startup Aims to Map and Track All the IT and Security Things
Kelly Jackson Higgins, Executive Editor at Dark Reading,  9/22/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
How IT Security Organizations are Attacking the Cybersecurity Problem
How IT Security Organizations are Attacking the Cybersecurity Problem
The COVID-19 pandemic turned the world -- and enterprise computing -- on end. Here's a look at how cybersecurity teams are retrenching their defense strategies, rebuilding their teams, and selecting new technologies to stop the oncoming rise of online attacks.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15208
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, when determining the common dimension size of two tensors, TFLite uses a `DCHECK` which is no-op outside of debug compilation modes. Since the function always returns the dimension of the first tensor, malicious attackers can ...
CVE-2020-15209
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, a crafted TFLite model can force a node to have as input a tensor backed by a `nullptr` buffer. This can be achieved by changing a buffer index in the flatbuffer serialization to convert a read-only tensor to a read-write one....
CVE-2020-15210
PUBLISHED: 2020-09-25
In tensorflow-lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, if a TFLite saved model uses the same tensor as both input and output of an operator, then, depending on the operator, we can observe a segmentation fault or just memory corruption. We have patched the issue in d58c96946b and ...
CVE-2020-15211
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 1.15.4, 2.0.3, 2.1.2, 2.2.1 and 2.3.1, saved models in the flatbuffer format use a double indexing scheme: a model has a set of subgraphs, each subgraph has a set of operators and each operator has a set of input/output tensors. The flatbuffer format uses indices f...
CVE-2020-15212
PUBLISHED: 2020-09-25
In TensorFlow Lite before versions 2.2.1 and 2.3.1, models using segment sum can trigger writes outside of bounds of heap allocated buffers by inserting negative elements in the segment ids tensor. Users having access to `segment_ids_data` can alter `output_index` and then write to outside of `outpu...