CISA's Threat Intelligence Program Was Defective

The US Cybersecurity and Infrastructure Security Agency (CISA) has failed to consistently provide adequate cyber threat indicators to members of an information sharing program, according to a new report from the Office of Inspector General in the Dept. of Homeland Security. The report found that CISA updated guidance when necessary, properly classified cyber threat indicators, and accurately accounted for security clearance provisions in the private sector. 

However, the recipients of CISA'a threat intelligence advice, which includes 52 federal agencies, was at times left without critical contextual information to take appropriate actions. 

CISA's central mission is providing situational awareness of emerging risks to the nation's critical infrastructure. The agency launched the AIS service in 2016 in response to The Cybersecurity Act of 2015, which established a voluntary threat information sharing process between the public and private sectors.

The Department of Homeland Security Office of Inspector General said CISA’s Automated Indicator Sharing (AIS) service, which provides over 300 partners with real-time unclassified cyber threat information and defensive measures, was not always providing participants with the information required to mitigate threats. “Most of the cyber threat indicators did not contain enough contextual information to help decision makers take action,” the IG Report said, attributing the issue to “limited AIS functionality, inadequate staffing and external factors.” 

“The quality of information shared with AIS participants was not always adequate to identify and mitigate cyber threats. According to Federal and private sector entities we interviewed, most of the cyber threat indicators did not contain enough contextual information to help decision makers take action.” 

“Deficiencies in the quality of threat information shared among AIS participants may hinder the federal government’s ability to identify and mitigate potential cyber vulnerabilities and threats,” the report added. 

Real-time contextual information like anomalies in network traffic, Internet Protocol addresses, domain names and hash files can help organisations better protect themselves from future cyber intrusions, the report noted, as in the case of the 2020 SolarWinds supply chain attack. “Although CISA generally increased the number of AIS participants and number of cyber threat indicators shared and received, the quality of the cyber threat indicators was not adequate for participants to take necessary actions... We recommend CISA complete system upgrades, hire needed staff, encourage compliance with information sharing agreements and develop a formal reporting process with quality controls.,” says the Report.

CISA agreed with the recommendations and said it had either fully resolved or was in the process of resolving each issue.  The agency said it was building up contractual resources to better support information sharing initiatives and was anticipating a completion date in January 2023.

CISA:        DHS:         DefenseOne:     FCW

You Might Also Read: 

US Government Will Invest $15 Billion In National Cyber Security:

 

« How to Manage Cybersecurity Staff Shortages
Welcome To NATO - Finland’s Parliament Attacked »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

iStorage

iStorage

iStorage is the leading global provider of PIN Activated, hardware encrypted, portable data storage solutions.

Pervade Software

Pervade Software

Pervade Software is a global provider of dedicated compliance tracking software with monitoring & reporting capabilities.

Bayshore Networks

Bayshore Networks

Bayshore Networks was founded to safely and securely protect Industrial IoT (IIoT) networks, applications, machines and workers from cyber threats.

Quantivate

Quantivate

Quantivate is a provider of web-based Governance, Risk, and Compliance (GRC) software and service solutions.

EuroISPA

EuroISPA

EuroISPA is a pan European association of European Internet Services Providers Associations and the world’s largest association of ISPs.

Maverick Technologies

Maverick Technologies

Maverick is an industrial automation, enterprise integration and operational consulting company. Services include industrial cyber security.

Lacework

Lacework

Lacework brings speed, scale, and automation to cloud security and allows security and DevOps teams to collaborate on keeping data and applications safe.

Horangi

Horangi

Horangi provides security products and services that enable the rapid delivery of Incident Response and threat detection for our customers who lack the scale, expertise, or time to do it themselves.

Uppsala Security

Uppsala Security

Uppsala Security built the first crowdsourced Threat Intelligence platform known as the Sentinel Protocol, which is powered by blockchain technology.

42Gears

42Gears

42Gears is a leading Unified Endpoint Management provider. Secure, monitor and manage tablets, phones, desktops and wearables.

Solidified

Solidified

Solidified is the largest audit platform for smart contracts. Our community has the highest concentration of top Blockchain security specialists and best-in-class code auditors.

BIG Cyber

BIG Cyber

BIG Cyber is a specialized Managed Security Service Provider (MSSP) dedicated to bringing military grade cyber security technology to the gaming industry.

Safe Decision

Safe Decision

Safe Decision is an information technology company offering Cyber Security, Network, and Infrastructure Services and Solutions.

Trickest

Trickest

Trickest enables Enterprises, MSSPs, and Ethical Hackers to build automated offensive security workflows from prototype to production.

Acclaim Technical Services (ATS)

Acclaim Technical Services (ATS)

ATS provide operational products, services and solutions to the defense and intelligence communities for all types of critical mission needs.

IS4IT Kritis

IS4IT Kritis

IS4IT is your partner for the successful planning, introduction and implementation of company-specific information security concepts.