DHS sees a wave of information sharing as the key to raising all cyber boats

Wednesday - 2/5/2014, 1:45pm EST

Ask_the_CIO_0206

Download mp3

The Homeland Security Department is trying to raise all boats as the wave of cyber threats and attacks continues to increase.

The goal is to strengthen both private and public sector computer networks by bringing everyone up to at least the same basic level of security.

Phyllis Schneck, the deputy undersecretary for cybersecurity in the National Protection and Programs Directorate at DHS, said when everyone exercises better cybersecurity, there is more data to pull from so the understanding of the threats and vulnerabilities increases.

"There also are more cyber indicators and at a high level, if you imagine when Internet traffic moves, it has a destination, origination and some information to help it travel. We are suggesting some protocols that DHS has already built and some sectors have started to adopt that will send information about the security of the traffic that it's carrying so when it arrives your computer will know whether to use it," Schneck said. "This is what can help our National Cybersecurity Communications and Integration Center mitigate [these threats] through that common operating picture of cyber [by] receiving a lot of these indicators at the speed that machine traffic travels. It can actually help identify where botnets are by certain patterns. This is the science the private sector already uses, and combined with government data, this is the science that can take response from hours to minutes."

Over the last five years, DHS has been building toward this ultimate goal of public-private information sharing of cyber data. A recent DHS inspector general report found the agency has made progress in several areas, but does need to come up with a standard set of incident reporting categories.

It took over the Defense Industrial Base pilot from the Defense Department in 2012. It's now called the Enhanced Cybersecurity Services (ECS) program. DHS also will launch later this month a voluntary cybersecurity program as required by President Barack Obama's cybersecurity Executive Order from February 2013.

The department also launched the Einstein 3 program and is just getting started with the implementation of continuous diagnostics and mitigation (CDM) tools to better secure government networks.

All of this data will help inform in near real-time the cyber threats and risks agencies and companies face every day.

Schneck said the more people participating in the online ecosystem, the more data is generated and the better analysts can understand what's happening.

She said the ECS program, which shares classified cyber threat data with qualified companies, is growing.

"We are over the hump of the building part and we are looking at the equations of how do you create the atmosphere where you can handle that kind of information appropriately according to law?" she said. "Looking toward the future, I can't emphasize enough how much value there is in the unclassified data that is in the private sector that is yet untapped. That's part of the reason why the information sharing is so important and the trust is so important. When you combine that with our ability to also use classified counter-measures, that's a very powerful weapon that we have against those who want to do us harm. It's also a great way to make everyone more secure so your best minds can be used to hunt for the very, very harmful attacks that we don't yet have technology to fight."

As for the future of ECS, Schneck said the collaboration with private sector providers and the NCCIC will lead to a better, self-healing systems.

"Just like your body fights a cold, your body doesn't have a meeting to fight a cold. It sees something bad and attacks it. What we want to do electronically is what your body does biologically, create that ecosystem, that immune system, but take it one step further," she said. "We cannot only fight the attack, but warn everyone else about it in milliseconds. When you ask the vision, hours to milliseconds to self-mitigation, making it so it's more clear to see the very harmful attacks that admittedly no one can yet fight."

She said the NCCIC will continue to grow to support more partners in the critical infrastructure as well as improve its analytics capabilities in order to warn of threats at machine speeds.

"What we have to do is tie it together. What we know. What the private sector knows to create that common operating picture," Schneck said. "To understand what is the exact metric by which we measure success. What is the metrics that determine the value of the classified counter measure and the cost of delivering and caring for that classified information, which is rather high. What are the metrics around the value of that versus open source information and how do we balance the use of those."

RELATED STORIES:

DHS revs up its part of the cyber executive order

DHS finds classified cyber sharing program slow to take off

DHS faces challenges in coordinating cyber efforts across government

Lawmakers model latest cyber bill after DoD information sharing pilot