On Friday, the Department of Homeland Security’s Office of the Inspector General published a report on Automated Indicator Sharing (AIS) — which was used to spread cyber threat intelligence and was mandated as part of a 2015 law. The nation’s top cyber agency said it has plans to revitalize a system used to share cybersecurity threat information after a government watchdog raised concerns about the program’s recent shortcomings. The inspector general made attempts to interview senior leaders at CISA but was unsuccessful and never discovered why the agency decided to stop actively promoting AIS. The inspector general responded to this statement, noting that CISA did not mention implementing performance metrics in its response, forcing the inspector general to leave this issue unresolved until CISA provides further documentation. The Cybersecurity Act of 2015 mandated that the Department of Homeland Security establish a capability and process for federal entities to receive cyber threat information from non-Federal entities. Much of the statement is identical to what was in a letter sent by CISA to the inspector general in response to the report. The report said CISA was planning to create an “online marketplace” that would allow them to advertise AIS to data producers, but the agency reorganized its offices and never launched the marketplace. The Cybersecurity and Infrastructure Security Agency (CISA), the agency in charge of AIS, was criticized in the report for steep declines in participation as well as missing information on the program’s funding. “CISA is committed to strengthening the sharing of cyber threat information and improving documentation of future costs related to AIS,” the spokesperson said. 
In June, an advisory committee demanded CISA make changes to a key public-private cybersecurity partnership after several unnamed participants complained to Politico that the initiative was “hampered by mismanagement,” slow to act on the tips provided and was not staffed with enough technical experts. CISA also could not say how much it cost to upgrade and operate the AIS program “because it did not maintain expenditure data to readily allow auditing of AIS-related costs,” the OIG report said. CISA’s letter to the inspector general, which was included in the report, said its Cybersecurity Division is leading the evaluation of the AIS service. “The number of participants using AIS to share cyber threat information has declined to its lowest level since 2017. The voluntary process allows for public and private-sector entities to share cyber threat information with each other. In a statement to Recorded Future News, a spokesperson for CISA said they concur with both recommendations and have already begun implementing them. CISA has 90 days to provide follow-up responses to the inspector general. “Among other factors, overall participation in AIS declined because CISA did not have an outreach strategy to recruit and retain data producers. The report did not specify the agency, and CISA did not respond to questions about why this occurred. The inspector general has released three reports examining AIS since it was created, finding over the years that the platform struggled due to the functionality of the tool, staffing inadequacies and more. CISA has previously faced backlash for its inconsistent threat sharing efforts. They also suggest CISA maintain spending plans to document the future costs of the AIS program.
This Cyber News was published on therecord.media. Publication date: Mon, 30 Sep 2024 20:25:14 +0000