DHS Group Wants Homeland Security to Share Database of Cyber Incidents with Private Sector

A Department of Homeland Security working group is coming up with reasons to create a "cyber incident data repository," in which federal agencies and key industries could anonymously share information about cyber risks. 

The effort builds on a 2015 White House executive order encouraging more cyberthreat information sharing between the public and private sectors, especially through new groups called "information sharing and analysis organizations," among other recent efforts to shore up federal cybersecurity, according to a DHS white paper released last week.

A cyber repository, according to the white paper, would share information between sectors "about the financial and operational impacts of cyber events, the effectiveness of existing cyber risk controls in addressing them and the new kinds of products and services that cybersecurity solutions providers should develop."

DHS' National Protection and Programs Directorate established the "Cyber Incident Data and Analysis Working Group" to determine the value of such a repository and how to incentivize participation in the repository, among other logistical details. The group includes chief information security officers, academic experts and cyber professionals. Their opinions are outlined in the white paper.

Other potential benefits of a cyber repository include helping companies assess how their cyber precautions measure up to their peers, which could “help propel internal discussions about an organization’s cyber risk." 

Several working group participants "asserted that if a company discovers that it falls in the bottom 50 percent as compared to its peers when it comes to cyber risk preparedness, that knowledge could motivate the company to increase its cybersecurity budget and related mitigation efforts," according to the paper. But some claimed "that they have only limited knowledge about what their peers are doing regarding the implementation of cyber risk controls, their scope, and how those controls fit within overall cybersecurity strategies."

A repository could also help groups in different industries share information about potential future threats, according to DHS. 

Though "different industries tend to experience different cyber incidents and risks – for example, routine credit card hacks or hacktivist denial-of-service attacks for some and sophisticated attacks aimed at sabotage, large-scale theft, or espionage for others," participants noted that "particular attack vectors often are used during cyber incidents against multiple industry sectors."

As a result, participants said, "companies increasingly need to know not only what is happening to their most immediate industry peers, but also to other companies across the entire cybersecurity ecosystem."

The working group plans to continue discussing repositories, according to DHS, especially topics such as "which specific cyber incident data points should be shared into a repository to deliver on its value propositions" and the privacy standards that a "trusted" repository must meet, among others.

DHS officials declined to provide comment beyond what was included in the white paper. 

(Image via jijomathaidesigners/ Shutterstock.com)