One of CISA's most important and enduring roles is providing timely and actionable cybersecurity information to our partners across the country.
Nearly a decade ago, CISA stood up our Automated Indicator Sharing, or AIS, program to widely exchange machine-readable cyber threat information.
We know that the only constant in cybersecurity is change, and we're evolving our information sharing approaches to maximize value to our partners and keep pace with a changing threat environment.
Every day, CISA evaluates the cyber threat environment, considers the impact of known vulnerabilities, and assesses the defensive posture of entities across our Nation to determine how we can most effectively safeguard critical infrastructure and government networks.
Our insight is derived from a variety of sources to include classified and open-source reporting; operational collaboration with government and industry partners; findings from CISA assessments and incident response; and from information shared by members of our broad cybersecurity community through mechanisms such as AIS. CISA then translates these insights into timely and relevant information.
We enrich our shared services and cyber capabilities with cyber threat information.
Across the board, CISA incorporates our unique insights of the global cyber threat environment into everything we offer to provide value to our partners.
While these threat-informed products and capabilities are important to many of our stakeholders, we know that organizations also benefit from receiving cyber threat information to shape investment decisions and prioritize mitigation actions.
It is not enough to monitor broad cyber threats generally; organizations must apply threat information to their own risk and technology environments.
AIS was established to satisfy legislative requirements and to provide stakeholder communities with a cost-effective means by which to exchange cyber threat indicators and defensive measures with CISA and, in doing so, with thousands of cybersecurity practitioners across the country and with partners across the globe.
As the cyber threat environment evolves, so must our capabilities to analyze and share cyber threat information.
A decade later, the cybersecurity industry has matured substantially; current products and services are addressing information requirements for most organizations and, in an era of information overload, practitioners still require speed but value context, precision, and tailored insights over volume and velocity alone.
In 2024, CISA will begin a strategic effort to modernize our approach to enterprise cyber threat information sharing.
Simplification: We will refocus and consolidate our customer-facing cyber threat intelligence offerings under a new initiative called Threat Intelligence Enterprise Services.
The TIES Exchange Platform will unify our information sharing capabilities under a single banner for federal agencies and certain user communities, enabling streamlined provision of cyber threat information from our partners and commercial sources.
As we design and implement this central solution, CISA is working in parallel to modernize our AIS capability which, in the future, will further complement CISA-curated threat feeds made available by this shared service platform.
Learning from Experience: We will rigorously learn from known challenges with the legacy AIS system: we know that it must be easy to both share and receive, that shared information must have sufficient context to enable prioritized action; and that every participant must recognize meaningful value that is additive to existing cybersecurity capabilities.
Our goal is to facilitate collective, automated cyber defense through increased sharing and context, shaped by an acute understanding of the threat environment.
While CISA implements this transition over the next two years, the AIS program will remain available, and we encourage users to continue leveraging this capability and actively share indicators back with CISA. Our shared visibility into cyber threats is our best defense.
We look forward to sharing more details about TIES and our cyber threat exchange modernization initiatives throughout the year.
This Cyber News was published on www.cisa.gov. Publication date: Mon, 18 Dec 2023 19:43:04 +0000