DHS's Ann L. Barron-DiCamillo says partners and stakeholders are communicating better about cyber-threats.
The Homeland Security Department is well into efforts to secure federal networks, whether it’s through continuous monitoring, multilateral partnerships or a range of support programs. A handful of specific initiatives are showing promise in not only furthering network security but also in protecting data critical to government functions – all through improving information-sharing, one official said.
Communications between partners and stakeholders are seeing improvement when it comes to cyber threat-sharing in particular, according to Ann Barron-DiCamillo, manager and chief of operations for DHS’ US-CERT program.
At least some of those improvements center on the employment of Structured Threat Information eXpression, or STIX, and Trusted Automated eXchange of Indicator Information, or TAXII.
STIX is an international standard for sharing cyber-threat information between global partners. Jointly developed by DHS and Mitre, STIX provides a common language that allows data to be shared at machine-to-machine speed and integrates the fast-moving information into the existing security structure. TAXII is the protocol for sharing the information, Barron-DiCamillo said April 24 at an Informatica event in Washington.
“STIX is the structure, TAXII is the format…specifically around [threat] indicator sharing,” she said. “When you’re sharing in one format, it’s easier to consume [and] it’s easier to act” on the information.
The effort includes numerous partners across government and industry, including, as of recently, the Financial Services Information Sharing and Analysis Center, which is an arm that protects the financial sector against cyber threats.
Barron-DiCamillo also said there’s been progress since adopting the use of a “traffic light protocol,” which ranks sensitivity of information and delineates with whom it can be shared. For example, red is highly sensitive data shared only with certain people, while green can be shared community-wide.
“It’s been helpful with all the constituents we have at DHS – the dot-gov, state, local, tribal and territorial, and our international partners,” she said.
Ranking that information has been made a little easier by applying the FedRAMP model to help determine at what level data should be classified, Barron-DiCamillo added.
The model helps DHS because it deals “with over 200 international countries who don’t have access to classified networks, but we still need to share with them. If you’re putting information in databases that are precluding your customers and constituents from accessing it, it impedes information-sharing.”