Report Calls for Better Data Sharing

The Department of Homeland Security’s (DHS’) Office of Inspector General (OIG) says the department needs to improve how it facilitates cyberthreat information sharing between federal government agencies and the private sector. Although the OIG acknowledges DHS’ progress in enabling sharing among government entities, the department’s system still focuses on volume, velocity and timeliness of information but does not provide the quality, contextual data needed for the private sector to effectively defend against ever-evolving threats.  

The OIG’s biennial report also recognized the department’s improvements in properly classifying cyberthreat indicators and defensive measures as well as accounting for the security clearances of private sector recipients of this information.

Challenges continue because the DHS’ system is automated with predetermined data fields, the OIG found. As a result, it does not provide adequate information regarding specific incidents, tactics, techniques and procedures that unauthorized users have deployed to exploit software vulnerabilities. To address this shortfall, federal and private sector partners sometimes rely on other systems or participate in other DHS information sharing programs to obtain quality cyberthreat data.

The report also noted that the unclassified and classified databases and repositories are not integrated. Consequently, analysts’ ability to compile complete situational awareness of potential threats is limited.

The OIG has made five recommendations for the National Protection Programs Directorate to improve current conditions, including acquiring the technologies for cross-domain sharing and automated analysis of cyberthreat data; enhancing outreach to promote DHS’ information sharing program; and implementing required security controls on selected information systems. The directorate is moving forward with implementing the recommendations.