‘See Something, Say Something’-like System to Power Sharing of Cyber Tips


The White House will refurbish existing technology for sharing reports of suspected terrorist activity to carry out a new executive order encouraging the disclosure of cyber threats, U.S. intelligence officials told Nextgov.

Since 2004, an agency within the Office of the Director of National Intelligence has put forth technical standards and policies to protect the quality and confidentiality of tips exchanged concerning national security threats. One of the key counterterrorism efforts supported by the DNI Information Sharing Environment office is the “Nationwide Suspicious Activity Reporting” system that securely routes incoming messages from the “See Something, Say Something” public awareness campaign.

Now, to hasten cybersecurity-related communications, the intelligence community, along with the Defense, Commerce, Homeland Security and Justice departments, is "leveraging the appropriate best practices, frameworks, and assets from the Information Sharing Environment," said Kshemendra Paul, program manager for the intelligence office, known as ISE.

The speed and security of ISE’s counterterrorism messaging techniques prompted the Obama administration to broaden their use, according to intelligence officials.

“The White House recognizes cyber information sharing as a priority,” and, in line with its policies on data protection, “has asked [ISE] to join the interagency team as part of a broader push to accelerate responsible sharing of cybersecurity information,” Paul said.

The cybersecurity executive order, released last week, includes rules for the government and voluntary initiatives for vital U.S. sectors, such as the energy and health care industries, aimed at protecting private networks.

One provision calls on the DNI and other agencies to establish a mechanism similar to the suspicious activity reporting system for sharing computer infection alerts. The order requires a process that "rapidly disseminates" to affected companies reports about "cyber threats to the U.S. homeland that identify a specific targeted entity." The procedures, however, must not allow the intelligence to be leaked or blow the cover off sources, the provision states.

The cyber tip hotline will not exactly mirror the counterterrorism phone tree. Rather, the new information-sharing arrangement will reuse applicable features as a foundation, a DNI official said.

Today, to communicate potential terrorist threats, local police forward messages to analysts at DHS-funded state fusion centers, who decide whether the reported abnormal activity merits circulation. Writeups worthy of national distribution are stripped of any sensitive personal or investigative information to protect local citizens. Each file is then catalogued inside a state-owned server that outside authorities access remotely through the cloud. This way, each jurisdiction maintains control over its data and does not have to buy a whole new computing system.

The usefulness of this information-sharing approach is still up for debate. Critics of the suspicious activity reporting system, including the American Civil Liberties Union, say it overshoots and captures innocent behavior, like tourists snapping photos of bridges. At the other extreme, the DNI reported in 2012 that almost half of federal agencies were not entering documented incidents into the network.

The tools and techniques for conveying threats are still evolving, intelligence officials say. And even ACLU members have commended ISE for refining the reporting standards to, among other things, force police to establish a connection to terrorism before publishing Americans' personal information.
