CISA's Threat Intelligence Program Was Defective

The US Cybersecurity and Infrastructure Security Agency (CISA) has failed to consistently provide adequate cyber threat indicators to members of an information sharing program, according to a new report from the Office of Inspector General in the Dept. of Homeland Security. The report found that CISA updated guidance when necessary, properly classified cyber threat indicators, and accurately accounted for security clearance provisions in the private sector. 

However, the recipients of CISA's threat intelligence advice, which include 52 federal agencies, were at times left without the critical contextual information needed to take appropriate action.

CISA's central mission is providing situational awareness of emerging risks to the nation's critical infrastructure. The agency launched the AIS service in 2016 in response to the Cybersecurity Act of 2015, which established a voluntary threat information sharing process between the public and private sectors.

The Department of Homeland Security Office of Inspector General said CISA’s Automated Indicator Sharing (AIS) service, which provides over 300 partners with real-time unclassified cyber threat information and defensive measures, was not always providing participants with the information required to mitigate threats. “Most of the cyber threat indicators did not contain enough contextual information to help decision makers take action,” the IG Report said, attributing the issue to “limited AIS functionality, inadequate staffing and external factors.” 

“The quality of information shared with AIS participants was not always adequate to identify and mitigate cyber threats. According to Federal and private sector entities we interviewed, most of the cyber threat indicators did not contain enough contextual information to help decision makers take action.” 

“Deficiencies in the quality of threat information shared among AIS participants may hinder the federal government’s ability to identify and mitigate potential cyber vulnerabilities and threats,” the report added. 

Real-time contextual information like anomalies in network traffic, Internet Protocol addresses, domain names and hash files can help organisations better protect themselves from future cyber intrusions, the report noted, as in the case of the 2020 SolarWinds supply chain attack. “Although CISA generally increased the number of AIS participants and number of cyber threat indicators shared and received, the quality of the cyber threat indicators was not adequate for participants to take necessary actions... We recommend CISA complete system upgrades, hire needed staff, encourage compliance with information sharing agreements and develop a formal reporting process with quality controls,” says the report.

CISA agreed with the recommendations and said it had either fully resolved or was in the process of resolving each issue. The agency said it was building up contractual resources to better support information sharing initiatives and was anticipating a completion date in January 2023.

CISA: DHS: DefenseOne: FCW
