DHS launches two-way threat sharing system for public-private collaboration
The DHS has officially deployed its Automated Indicator Sharing system for two-way cyberthreat data exchange with businesses and organizations.
The Department of Homeland Security (DHS) has declared itself officially ready to exchange cybersecurity intelligence with private industries and other organizations using an automated threat-sharing system, under the terms of the Cybersecurity Act of 2015.
Central to this announcement was the deployment of DHS's new Automated Indicator Sharing (AIS) system, the tool that the DHS and other federal agencies will use to electronically share cyberthreat data, in virtually real-time, with businesses, critical infrastructure partners, non-profits, academic institutions, foreign allies, Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs). In an announcement posted on DHS' web site, the agency stated that “when one participant detects a threat, all participants in AIS will learn about it.”
DHS launched the AIS system yesterday at its National Cybersecurity and Communications Integration Center in Virginia, in the presence of key U.S. officials including DHS Secretary Jeh Johnson; U.S. Rep. Michael McCaul (R-Tex.), chairman of the House Committee on Homeland Security; and Rep. John Ratcliffe (R-Tex.).
Yesterday was the official deadline imposed by the Cybersecurity Act of 2015 to commence automated two-way sharing of cyberintelligence. While AIS technically launched in time, the DHS acknowledged that its standards will still continue to evolve over time as additional entities join this information-sharing ecosystem. Businesses that choose to participate will be broadly shielded from civil, regulatory or antitrust liability for any actions related to the sharing of cyberthreat information.
The National Retail Federation, a strong proponent of the Cybersecurity Information Sharing Act (CISA) upon which the Cybersecurity Act of 2015 was built, applauded the launch of AIS in an emailed statement to SCMagazine.com. “Sharing information on cyberthreats will create an atmosphere of community vigilance that will ensure that consumers' sensitive data is kept safe,” said David French, senior vice president for government relations at the NRF.