recommended reading

‘See Something, Say Something’-like System to Power Sharing of Cyber Tips


The White House will refurbish existing technology for sharing reports of suspected terrorist activity to carry out a new executive order encouraging the disclosure of cyber threats, U.S. intelligence officials told Nextgov

Since 2004, an agency within the Office of the Director of National Intelligence has put forth technical standards and policies to protect the quality and confidentiality of tips exchanged concerning national security threats. One of the key counterterrorism efforts supported by the DNI Information Sharing Environment office is the “Nationwide Suspicious Activity Reporting” system that securely routes incoming messages from the “See Something, Say Something” public awareness campaign.

Now, to hasten cybersecurity-related communications, the intelligence community, along with the Defense, Commerce, Homeland Security and Justice departments, are "leveraging the appropriate best practices, frameworks, and assets from the Information Sharing Environment," said Kshemendra Paul, program manager for the intelligence office, known as ISE. 

The speed and security of ISE’s counterterrorism messaging techniques prompted the Obama administration to broaden their use, according to intelligence officials.

"The White House recognizes cyber information sharing as a priority,” and, in line with its policies on data protection, “has asked [ISE] to join the interagency team as part of a broader push to accelerate responsible sharing of cybersecurity information,” Paul said.

The cybersecurity executive order, released last week, includes rules for the government and voluntary initiatives for vital U.S. sectors, such as the energy and health care industries, aimed at protecting private networks.

One provision calls on the DNI and other agencies to establish a mechanism similar to the suspicious activity reporting system for sharing computer infection alerts. The order requires a process that "rapidly disseminates" to affected companies reports about "cyber threats to the U.S. homeland that identify a specific targeted entity." The procedures, however, must not allow the intelligence to be leaked or blow the cover off sources, the provision states.

The cyber tip hotline will not exactly mirror the counterterrorism phone tree. Rather, the new information-sharing arrangement will reuse applicable features as a foundation, a DNI official said.

Today, to communicate potential terrorist threats, local police forward messages to analysts at DHS-funded state fusion centers, who decide whether the reported abnormal activity merits circulation. Writeups worthy of national distribution are stripped of any sensitive personal or investigative information to protect local citizens. Each file is then catalogued inside a state-owned server that outside authorities access remotely through the cloud. This way, each jurisdiction maintains control over its data and does not have to buy a whole new computing system.

The usefulness of this information-sharing approach is still up for debate. Critics of the suspicious activity reporting system, including the American Civil Liberties Union, say it overshoots and captures innocent behavior, like tourists snapping photos of bridges. At the other extreme, the DNI reported in 2012 that almost half of federal agencies were not entering documented incidents into the network.

The tools and techniques for conveying threats are still evolving, intelligence officials say. And even ACLU members have commended ISE for refining the reporting standards to, among other things, force police to establish a connection to terrorism before publishing Americans' personal information.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • It’s Time for the Federal Government to Embrace Wireless and Mobility

    The United States has turned a corner on the adoption of mobile phones, tablets and other smart devices, outpacing traditional desktop and laptop sales by a wide margin. This issue brief discusses the state of wireless and mobility in federal government and outlines why now is the time to embrace these technologies in government.

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • A New Security Architecture for Federal Networks

    Federal government networks are under constant attack, and the number of those attacks is increasing. This issue brief discusses today's threats and a new model for the future.

  • Going Agile:Revolutionizing Federal Digital Services Delivery

    Here’s one indication that times have changed: Harriet Tubman is going to be the next face of the twenty dollar bill. Another sign of change? The way in which the federal government arrived at that decision.

  • Software-Defined Networking

    So many demands are being placed on federal information technology networks, which must handle vast amounts of data, accommodate voice and video, and cope with a multitude of highly connected devices while keeping government information secure from cyber threats. This issue brief discusses the state of SDN in the federal government and the path forward.

  • The New IP: Moving Government Agencies Toward the Network of The Future

    Federal IT managers are looking to modernize legacy network infrastructures that are taxed by growing demands from mobile devices, video, vast amounts of data, and more. This issue brief discusses the federal government network landscape, as well as market, financial force drivers for network modernization.


When you download a report, your information may be shared with the underwriters of that document.