The goal is for organizations to use the tool to automatically block cyber threats.
The Homeland Security Department plans to update its system for automatically sharing cybersecurity threat information with companies, critical infrastructure providers and other federal agencies this coming summer or fall, a top official said Thursday.
More than 200 organizations have signed up to automatically receive the indicators, but most of them aren’t using that information to automatically block malicious traffic into their networks, Jeanette Manfra, assistant secretary in Homeland Security’s Office of Cybersecurity and Communications, said.
Generally, that’s because customer organizations say the indicators don’t include enough information for them to determine what’s truly relevant, Manfra told an audience at the industry group US Telecom’s cybersecurity policy forum.
Homeland Security hopes to remedy that with the update, she said.
“If you’re not automating the whole … process, it’s not really getting us to that next level of automated defense,” Manfra said.
Homeland Security launched its automated indicator sharing program in March 2016, after it was authorized by Congress in a major 2015 cybersecurity bill. The list of indicator recipients includes all major federal agencies.
The update will also include a capability for customers to provide automated feedback to Homeland Security about what they’re doing with the cyber threat indicators the department passes along and how useful they are, Manfra said.
The automated indicator sharing update will come at roughly the same time as an update to the technical standards, known as STIX and TAXII, that define how the government and other organizations share cyber threat information, Manfra said.
STIX stands for “Structured Threat Information eXpression” and TAXII stands for “Trusted Automated eXchange of Indicator Information.”