The Cyber Resilience Institute maintains a Cooperative Research and Development Agreement (CRADA) with the U.S. Department of Homeland Security’s National Protection and Programs Directorate (NPPD) within the Office of Cybersecurity and Communications.
The Critical Infrastructure Key Resources (CIKR) Cyber Information Sharing and Collaboration Program (CISCP) was established for information sharing and collaboration with DHS’s critical infrastructure partners. The CISCP shares cyber threat, incident, and vulnerability information in near-real time, and enhances collaboration in order to better understand the threat and improve network defense for the entire community. The key focus of this program is to establish a community of trust between the Federal Government and entities from across the different critical infrastructure sectors and then leverage these relationships for enhanced information sharing and collaboration. CRI works as a trust partner in helping to develop these relationships with security vendors, educational institutions, other not-for-profit entities, the media and press, and community leaders.
Executive Order (EO) 13691, issued in February 2015, directs DHS to encourage the development and formation of Information Sharing and Analysis Organizations (ISAOs). Like Information Sharing and Analysis Centers (ISACs), the purpose of ISAOs is to gather, analyze, and disseminate cyber threat information. While ISACs were formed based upon sectors, the ISAO model enables companies to share threat information with the government and with each other by forming groups based on geography, existing trust relationships, or any other reason. ISAO is thus a broad term that encompasses ISACs and other types of information sharing organizations.
In December of 2015 Congress passed the Cybersecurity Information Sharing Act of 2015 (CISA), which was meant to encourage companies to share critical cyber threat information with each other and with the government in a timely manner. To facilitate this effort, the legislation required DHS to develop and deploy a system enabling the automated exchange of cyber threat indicators in real time. In March 2016, then serving DHS Secretary Jeh Johnson certified AIS as fully operational.
AIS is the cornerstone of DHS’ effort to create an information sharing ecosystem: a 21st century neighborhood watch. The moment a company or federal agency observes an attempted compromise, indicators associated with that attempt are shared in real time with our partners, protecting them from that particular threat. This means that adversaries can only use an attack once, which increases their costs and reduces the prevalence of cyber attacks. As the number of actionable indicators shared through AIS grows, participants’ ability to block cyber attacks will improve. AIS won’t eliminate sophisticated cyber threats, but it will free up resources so that organizations can focus on them.
CRIs programs are aimed at providing a critically-needed bridge between these Federal programs and the various state and local programs emerging in response to EO 13691, CISA and the AIS program. Our ongoing CRADA provides a framework for accomplishing this.