CISA's Threat Intelligence Program Was Defective

Uploaded on 2022-09-19 in TECHNOLOGY--Resilience, GOVERNMENT-National, FREE TO VIEW

The US Cybersecurity and Infrastructure Security Agency (CISA) has failed to consistently provide adequate cyber threat indicators to members of an information sharing program, according to a new report from the Office of Inspector General in the Dept. of Homeland Security. The report found that CISA updated guidance when necessary, properly classified cyber threat indicators, and accurately accounted for security clearance provisions in the private sector. 

However, the recipients of CISA'a threat intelligence advice, which includes 52 federal agencies, was at times left without critical contextual information to take appropriate actions. 

CISA's central mission is providing situational awareness of emerging risks to the nation's critical infrastructure. The agency launched the AIS service in 2016 in response to The Cybersecurity Act of 2015, which established a voluntary threat information sharing process between the public and private sectors.

The Department of Homeland Security Office of Inspector General said CISA’s Automated Indicator Sharing (AIS) service, which provides over 300 partners with real-time unclassified cyber threat information and defensive measures, was not always providing participants with the information required to mitigate threats. “Most of the cyber threat indicators did not contain enough contextual information to help decision makers take action,” the IG Report said, attributing the issue to “limited AIS functionality, inadequate staffing and external factors.” 

“The quality of information shared with AIS participants was not always adequate to identify and mitigate cyber threats. According to Federal and private sector entities we interviewed, most of the cyber threat indicators did not contain enough contextual information to help decision makers take action.” 

“Deficiencies in the quality of threat information shared among AIS participants may hinder the federal government’s ability to identify and mitigate potential cyber vulnerabilities and threats,” the report added. 

Real-time contextual information like anomalies in network traffic, Internet Protocol addresses, domain names and hash files can help organisations better protect themselves from future cyber intrusions, the report noted, as in the case of the 2020 SolarWinds supply chain attack. “Although CISA generally increased the number of AIS participants and number of cyber threat indicators shared and received, the quality of the cyber threat indicators was not adequate for participants to take necessary actions... We recommend CISA complete system upgrades, hire needed staff, encourage compliance with information sharing agreements and develop a formal reporting process with quality controls.,” says the Report.

CISA agreed with the recommendations and said it had either fully resolved or was in the process of resolving each issue.  The agency said it was building up contractual resources to better support information sharing initiatives and was anticipating a completion date in January 2023.

CISA:        DHS:         DefenseOne:     FCW

You Might Also Read: 

US Government Will Invest $15 Billion In National Cyber Security:

 

« How to Manage Cybersecurity Staff Shortages
Welcome To NATO - Finland’s Parliament Attacked »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

AlAnsari Technical Solutions (ATS)

AlAnsari Technical Solutions (ATS)

ATS is a Kuwait based company specialised in delivering hardware/software, Virtualisation, IP Telephony / Unified Communication, Networking and professional IT services and solutions.

Cyber Security Malta

Cyber Security Malta

Cyber Security Malta is part of Malta's National Cyber Security Strategy which aims to combat cybercrime, strengthen national cyber defence and provide cyber security awareness and education.

Squalio

Squalio

Squalio is an information technology group that delivers solutions and services for secure and effective IT management.

Reed

Reed

reed.co.uk is a leading job site in the UK, providing a full online service for anyone looking for a new job.

MazeBolt Technologies

MazeBolt Technologies

Israel-based MazeBolt is an innovation leader in cybersecurity, with over two decades of experience in pioneering DDoS protection solutions.

Zephyr Project

Zephyr Project

The Zephyr Project strives to deliver the best-in-class RTOS for connected resource-constrained devices, built to be secure and safe.

BitTrap

BitTrap

BitTrap helps companies worldwide detect attackers and put an early end to breaches, preventing data exfiltration and ransomware altogether.

Abu Dhabi Gov Digital

Abu Dhabi Gov Digital

Gov Digital (formerly Abu Dhabi Digital Authority - ADDA) enable, support and deliver a digital government that is proactive, personalised, collaborative and secure.

Chartered Institute of Information Security (CIISec)

Chartered Institute of Information Security (CIISec)

CIISec is dedicated to helping individuals and organisations develop capability and competency in cyber security.

Omega Systems

Omega Systems

Omega Systems is a leading managed service provider (MSP) and managed security service provider (MSSP) to mid-market organizations.

CYGNVS

CYGNVS

CYGNVS is a guided cyber crisis response platform providing anytime, anyplace access. A SaaS platform for cyber crisis management – a safe way to connect and control your response.

NexGen Cyber

NexGen Cyber

NexGen Cyber helps customers in commercial SMB markets with IT security, security integration, service management, outsourced service transition, and transformative security solutions.

X-Analytics

X-Analytics

X-Analytics is a cyber risk analytics application to create a better way for organizations to understand and manage cyber risk.

Flawnter

Flawnter

Flawnter is a security testing software that finds hidden security and quality flaws in your applications.

Invisily

Invisily

Invisily makes enterprise and cloud computing resources invisible to attackers with zero trust solutions, making them visible only when needed to only those who need them.

Permiso Security

Permiso Security

Permiso combines industry leading Identity Security Posture Management with Identity Threat Detection and Response, leaving no place to hide for identity threats lurking in your environment.