The Department of Homeland Security (DHS) has worked hard to create frameworks to share information in a secure way, and would like to see more engagement by industry, said Bradford Willke, acting director for the Stakeholder Engagement & Cyber Infrastructure Resilience Division at the Cybersecurity and Infrastructure Security Agency (CISA).
When asked if adoption of DHS tools is where he would like to see it, Willke’s response was quick.
“No, no it’s not. Quite frankly, I need all of you, and I need all of your participation in things like our automated indicator sharing, our cyber information sharing collaboration programs. I need your analysts working with us,” he said during Forcepoint’s Cybersecurity Leadership Forum on March 4.
“It sounds like a pyramid scheme, but to give you something of value, I have to get something that I can actually look against maybe classified information as a sounding board, and then use those analytics sets and put it back with confidence and with context back to you,” he added.
The need to compare industry information against classified information can also make DHS seem slow to act, noted Willke. While DHS aims to share as much information as they can, it may seem like a slow trickle to industry partners. However, DHS is committed to sharing needed information, he emphasized.
“What you may see, as consumers of our data, is a slow trickle effect … we want to motivate you to really understand who the bad actor is, we want to give you enough information to understand how they’re actually leveraging their toolkit and modus operandi, and get that into your hands so you can take action with confidence. To you, as my customer, it’s going to feel like a trickle effect,” said Willke.
Offering the recent DNS tampering as an example, Willke described how DHS tried to keep as much information out in the public as possible.
“We tried to keep that as much in the sunlight as possible. It didn’t really matter who was behind it – what you wanted to know was ‘What are we seeing in the DNS tampering space?’ … we’re trying to get that information out through information sharing analysis centers, information sharing analysis organizations, we’re trying to gut check what we feel we’re seeing internationally, and I think there’s a big sort of ‘see something, say something’ moment we had because we could keep it unclassified,” he noted.