recommended reading

‘See Something, Say Something’-like System to Power Sharing of Cyber Tips


The White House will refurbish existing technology for sharing reports of suspected terrorist activity to carry out a new executive order encouraging the disclosure of cyber threats, U.S. intelligence officials told Nextgov

Since 2004, an agency within the Office of the Director of National Intelligence has put forth technical standards and policies to protect the quality and confidentiality of tips exchanged concerning national security threats. One of the key counterterrorism efforts supported by the DNI Information Sharing Environment office is the “Nationwide Suspicious Activity Reporting” system that securely routes incoming messages from the “See Something, Say Something” public awareness campaign.

Now, to hasten cybersecurity-related communications, the intelligence community, along with the Defense, Commerce, Homeland Security and Justice departments, are "leveraging the appropriate best practices, frameworks, and assets from the Information Sharing Environment," said Kshemendra Paul, program manager for the intelligence office, known as ISE. 

The speed and security of ISE’s counterterrorism messaging techniques prompted the Obama administration to broaden their use, according to intelligence officials.

"The White House recognizes cyber information sharing as a priority,” and, in line with its policies on data protection, “has asked [ISE] to join the interagency team as part of a broader push to accelerate responsible sharing of cybersecurity information,” Paul said.

The cybersecurity executive order, released last week, includes rules for the government and voluntary initiatives for vital U.S. sectors, such as the energy and health care industries, aimed at protecting private networks.

One provision calls on the DNI and other agencies to establish a mechanism similar to the suspicious activity reporting system for sharing computer infection alerts. The order requires a process that "rapidly disseminates" to affected companies reports about "cyber threats to the U.S. homeland that identify a specific targeted entity." The procedures, however, must not allow the intelligence to be leaked or blow the cover off sources, the provision states.

The cyber tip hotline will not exactly mirror the counterterrorism phone tree. Rather, the new information-sharing arrangement will reuse applicable features as a foundation, a DNI official said.

Today, to communicate potential terrorist threats, local police forward messages to analysts at DHS-funded state fusion centers, who decide whether the reported abnormal activity merits circulation. Writeups worthy of national distribution are stripped of any sensitive personal or investigative information to protect local citizens. Each file is then catalogued inside a state-owned server that outside authorities access remotely through the cloud. This way, each jurisdiction maintains control over its data and does not have to buy a whole new computing system.

The usefulness of this information-sharing approach is still up for debate. Critics of the suspicious activity reporting system, including the American Civil Liberties Union, say it overshoots and captures innocent behavior, like tourists snapping photos of bridges. At the other extreme, the DNI reported in 2012 that almost half of federal agencies were not entering documented incidents into the network.

The tools and techniques for conveying threats are still evolving, intelligence officials say. And even ACLU members have commended ISE for refining the reporting standards to, among other things, force police to establish a connection to terrorism before publishing Americans' personal information.

Threatwatch Alert

Thousands of cyber attacks occur each day

See the latest threats


Close [ x ] More from Nextgov

Thank you for subscribing to newsletters from
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.


When you download a report, your information may be shared with the underwriters of that document.