DHS cyber information sharing: ensuring privacy in the Automated Indicator Sharing initiative

DHS seal 112On November 18, the Department of Homeland Security posted the following communication from Dr. Andy Ozment, Assistant Secretary for Cybersecurity and Communications and Jamie Danker, National Protection and Programs Directorate Privacy Officer.

Many cyber attacks can be identified—and prevented—by sharing information about unique attack attributes, also known as indicators. A cyber threat indicator might include unique attributes of a spearphishing e-mail, such as the subject line or sending computer; or it might be a specific piece of software known to contain malicious code.

As part of our efforts to further enhance information sharing, the Department of Homeland Security’s Automated Indicator Sharing (AIS) initiative connects participating organizations to a DHS-managed system that allows two-way sharing of cyber threat indicators—from the information sharing partner to DHS, and vice versa. AIS leverages DHS-led standards for machine-to-machine communication, providing a mechanism for DHS to rapidly share cyber threat indicators with other federal agencies and the private sector.

The results of this effort will allow participating organizations to submit and receive actionable cyber threat indicators in near-real-time for network defense. This information sharing initiative will also help DHS build a common, shared knowledge of current threats to better protect federal networks and help the private sector protect itself.

DHS recognizes that cybersecurity information sharing among diverse sources requires a preeminent focus on ensuring appropriate protection for individual privacy and civil liberties, so implementing necessary safeguards was a foremost consideration in designing and implementing the AIS initiative.

The Department has published its Privacy Impact Assessment (PIA) for AIS, detailing all identified privacy risks as well as the protections implemented to mitigate them. For example, the PIA notes a potential risk that Personal Identifiable Information (PII) or other sensitive information could be forwarded to DHS as part of a cyber threat indicator. To address this risk, the Department implemented robust protections to minimize the risk that PII is collected, as well as steps to ensure that, when present, PII that is not necessary to understanding the cyber threat  is quickly identified, deleted, and never shared.

Source: DHS