CISA's Threat Intelligence Program Was Defective

The US Cybersecurity and Infrastructure Security Agency (CISA) has failed to consistently provide adequate cyber threat indicators to members of an information sharing program, according to a new report from the Office of Inspector General in the Dept. of Homeland Security. The report found that CISA updated guidance when necessary, properly classified cyber threat indicators, and accurately accounted for security clearance provisions in the private sector. 

However, the recipients of CISA's threat intelligence advice, which include 52 federal agencies, were at times left without critical contextual information to take appropriate actions.

CISA's central mission is providing situational awareness of emerging risks to the nation's critical infrastructure. The agency launched the AIS service in 2016 in response to the Cybersecurity Act of 2015, which established a voluntary threat information sharing process between the public and private sectors.

The Department of Homeland Security Office of Inspector General said CISA’s Automated Indicator Sharing (AIS) service, which provides over 300 partners with real-time unclassified cyber threat information and defensive measures, was not always providing participants with the information required to mitigate threats. “Most of the cyber threat indicators did not contain enough contextual information to help decision makers take action,” the IG Report said, attributing the issue to “limited AIS functionality, inadequate staffing and external factors.” 

“The quality of information shared with AIS participants was not always adequate to identify and mitigate cyber threats. According to Federal and private sector entities we interviewed, most of the cyber threat indicators did not contain enough contextual information to help decision makers take action.” 

“Deficiencies in the quality of threat information shared among AIS participants may hinder the federal government’s ability to identify and mitigate potential cyber vulnerabilities and threats,” the report added. 

Real-time contextual information like anomalies in network traffic, Internet Protocol addresses, domain names and hash files can help organisations better protect themselves from future cyber intrusions, the report noted, as in the case of the 2020 SolarWinds supply chain attack. “Although CISA generally increased the number of AIS participants and number of cyber threat indicators shared and received, the quality of the cyber threat indicators was not adequate for participants to take necessary actions... We recommend CISA complete system upgrades, hire needed staff, encourage compliance with information sharing agreements and develop a formal reporting process with quality controls,” says the report.

CISA agreed with the recommendations and said it had either fully resolved or was in the process of resolving each issue. The agency said it was building up contractual resources to better support information sharing initiatives and was anticipating a completion date in January 2023.

Sources: CISA, DHS, DefenseOne, FCW
