Over the past few years, a lot of experts from both the public and private sectors have called for a new outlook on the nation’s cybersecurity approach. One of the most most popular ideas has come in calls to
mimic health organizations like the Centers for Disease Control and Prevention or the American Red Cross.
White House Cybersecurity Coordinator Michael Daniel has a different idea in mind. He would rather mimic weather forecasts.
Daniel elaborated on this idea during a meeting Wednesday with the National Institute of Standards and Technology’s Information Security and Privacy Advisory Board while explaining his vision for the newly unveiled
Cyber Threat Intelligence Integration Center. He sees the new center eventually getting to a point where information sharing becomes so automated that enough data can be pulled together for “broad trim lines” to be built from “weather maps” of cyberspace. That map can then be used by both companies and individuals to secure their digital assets, forecasting what they need to prepare for and when they need to prepare for it.
“Part of that [idea] is ‘Can we use that to normalize things and begin to eliminate the noise?’ The really sophisticated bad guys hide in the noise,” Daniel said. “To the extent that we can start to eliminate some of that noise through this weather map idea, we can make it harder for the advanced bad guys to hide.”
In the meantime, Daniel wants to use CTIIC to deepen the relationships between the public and private sector when it comes to information sharing. He said the Obama administration understands that “playing defense” is no longer a winning strategy when it comes to cybersecurity and a “change in culture and interaction” is need from both the government and private sector.
“The key thing that we are driving toward in all of these areas is a recognition that no one particular entity, either within the government or even the government itself, can do this job alone,” Daniel said. “This truly has to be done in partnership.”
Even with the heightened interest in information sharing, Daniel said it will take years to forge those relationships and “doesn’t have any idea of what they will look like.”
A good starting point for those new public-private relationships will come at Friday’s
White House Cybersecurity Summit, where Daniel said he will be looking to “move beyond” talking about the need for better information sharing.
“Some of us have been talking about information sharing for an extremely long period of time,” he said. “It’s now time to talk about how we are going to do it in concrete terms. If we can start to get some of that as an outcome of the summit, then I will consider [the summit] to be highly successful.”
CTIIC’s Inner Workings
As far as the actual structure for CTIIC, Daniel described staffing the center similar to how U.S. Digital Services is set up: While there may be full-time employees in order to maintain institutional knowledge, the rest of the staff come from different agencies (likely the Department of Homeland Security or FBI) for a tour of duty and then return to their home agency to better communicate with the private sector.
“For the moment, we see this like a government back office that can enable the centers to do their job better and enable the White House to do better coordination functions with the agencies,” Daniel said.
How that staff shares information could look similar to the way the government communicates with the financial services sector. Daniel said the federal government is “very interested” in
Structured Threat Information Expression (STIX) as a standard language for sharing threat information as well as the Trusted Automated Exchange of Indicator Information (TAXII) as the main transport system for how that information is shared. These systems are in place in the financial world, giving customers threat information in real time.
Daniel said he expects DHS to start building the same capability for use across the federal government in the next few months.
“[President Obama] called for it in his legislative package, the ability for DHS to be the portal, so we are very much building out he capability to make that real,” Daniel said. “Five years ago that would have been a fantasy. Three years ago, that would have been a stretch. Now, it’s a matter of policy to make that happen.”