Andrea Danti - Fotolia
DHS-led agency works to visualize, share cyber-risk information
A Department of Homeland Security initiative strives to improve cybersecurity information sharing between the public and private sector, but familiar challenges remain.
Representatives from the U.S. Department of Homeland Security's new Cybersecurity and Infrastructure Security Agency, or CISA, say a big part of its goal is to create more visibility into cyberthreats and risks.
According to Matthew Hartman, acting director of the Federal Network Resilience Division at CISA, the agency is exploring ways to "visualize threat and vulnerability data" to help decision-makers prioritize their cybersecurity efforts.
"We seek to help organizations better manage risk and increase resilience using all available resources, whether provided by the federal government, commercial vendors or their own capabilities," Hartman said.
CISA's efforts to create more visibility into threats mirrors work happening in the security industry, as cybersecurity vendors, enterprise cybersecurity leaders and various organizations are working to gather real-time insights into existing and emerging risks. The ultimate goal is to leverage that data to better prevent attacks.
Such information gathering and sharing, however, hasn't yet reached its full potential, as many organizations opt not to share data or aren't able to put such intelligence to work within their own organization.
"Information sharing leads to efficiencies and reduced risk across the public sector and the greater commercial infrastructure, as well, but sharing information in cybersecurity has been challenging," said Jason Yakencheck, president of the Greater Washington, D.C. chapter of ISACA, an IT governance organization, and senior managing consultant of cybersecurity and biometrics at IBM Global Business Services.
Federal programs add cyber-risk insight
Hartman pointed to several programs that can help equip leaders with the information they need to make risk-informed decisions. These programs help identify risk and prioritize threats, while also providing agencies with better insight and understanding of system-level risks.
This is largely due to the enhanced visibility into the number of vulnerabilities in environments and their significance, Hartman said.
"This first step is game-changing because it supports the federal government's effort to more effectively and proactively manage cyber-risk," he said. "The next step on that path is to better understand the context of the vulnerabilities with respect to mission impact."
Hartman said CISA's efforts extend beyond the federal government. He cited the 2018 launch of the National Risk Management Center, which helps the public and private sector to identify, analyze and manage risk.
He also pointed to the Automated Indicator Sharing program, which enables the exchange of cyberthreat indicators -- such as malicious IP addresses -- between CISA and the private sector at machine speed.
The value of cybersecurity information sharing
CISOs can learn from CISA's efforts to generate and disseminate threat data.
Sharing information about threats can help boost overall cybersecurity by alerting others to those risks, as well as providing successful ways to counteract them, said Kayne McGladrey, national cybersecurity expert, director of security and information technology for Pensar Development, and member of the Institute of Electrical and Electronics Engineers.
Jason Yakencheck
"They could actually see a reduction in those threats that are commodity threats -- threats that are crimes of opportunity [vs. targeted attacks]," he said.
Cybersecurity information sharing could also help boost user threat awareness, which is considered one of the biggest cybersecurity vulnerabilities, Yakencheck said.
"There's a lot of value if the information [that] cascades from organizations can be converted into training or security bulletins that the average person can make sense of so they know how it could impact them," he added.
Additionally, contextualizing and visualizing threats could help enterprise decision-makers better understand complex cybersecurity information that offers more insight when making cybersecurity investments, McGladrey said.
There are efforts in place to aggregate cyberthreat data, as various technology vendors and trade organizations already amass such information. Some of those groups, including vendors, generally use that information to improve their cybersecurity solutions. Others distribute the information -- whether free or for a fee -- to CISOs, enterprise executives and other security leaders to use.
Data sharing complications
But despite the potential cybersecurity improvements that can come with increased information sharing, experts say many organizations don't share details about the threats they're facing. Some organizations, particularly cybersecurity solutions providers, see such data as proprietary and use it to improve their own products.
Others don't want to publicly acknowledge such threats, particularly if any of them resulted in a successful hack. Moreover, the data isn't necessarily helpful if CISOs aren't prepared to either share or use it, experts say.
Even armed with the best, latest cyberdefense information, every organization has to understand its own risk and threat profile to make the appropriate investments to offset specific threats unique to its company, Yakencheck added.
"It's going to come down to the sensitivity level and risk tolerance they have vs. the threats, and then bringing in the right architecture and tools that allow them to be agile enough to adapt to the ever-changing threat landscape," Yakencheck said.