DHS Seeks Advice on Building a Cyber-Attack Database

Secretary of Homeland Security Jeh Johnson hosts President Obama at the National Cybersecurity and Communications Integration Center, Jan. 13, 2015.

Official DHS photo by Barry Bahler

AA Font size + Print

Secretary of Homeland Security Jeh Johnson hosts President Obama at the National Cybersecurity and Communications Integration Center, Jan. 13, 2015.

The Department of Homeland Security admits there could be drawbacks to the idea, including a spike in the cost of insurance.

The Homeland Security Department wants input on an idea for a broad cybersecurity incident database, accessible by members of the public and private sectors. 

Businesses could use the database to assess how their cyber practices stack up against competitors, and the federal government could upload its own cyberthreat predictions, DHS suggests in a new white paper fleshing out the concept. 

Such a repository would ask participants to share specific but anonymized details about cyberincidents and threats, including details such as attack timeline, apparent goal and prevention measures.

Until the end of May, DHS is collecting comments on the concept and wants responses on three recent white papers it issued outlining benefits, obstacles and data points participants might be asked to contribute to the repository.

There are currently no concrete plans to build or manage that repository, DHS says, and the database could even be managed by a private organization.

But the current administration has long encouraged the public and private sectors to share more information about cyberthreats to prevent future incidents.

Last February, President Barack Obama issued an executive order directing DHS to promote “Information Sharing and Analysis Organizations” — sector- or subsector-specific groups sharing information about cyberthreats and practices, and “Information Sharing and Analysis Organizations” that would develop cyber standards. 

DHS’ white papers suggest a shared repository could help organizations calculate the return on their investment in cybersecurity, helping to assess cyber risk. But “unintended consequences” of such a database include the fact that “aggregated data” showing the “total costs or impacts of certain types of incidents to certain industries” could drive up the insurance cost for common cyberincidents, DHS wrote.

The department is collecting comment on various points, including: 

  • A description of the data points associated with cyberincidents that would be useful to other organizations
  • Potential benefits of a repository not mentioned in the white paper 
  • Types of analysis that would be useful to a participating organization 
  • Anticipated obstacles that could prevent the repository model from functioning smoothly
  • Why potential participants might say no to sharing this information
Close [ x ] More from DefenseOne
 
 

Thank you for subscribing to newsletters from DefenseOne.com.
We think these reports might interest you:

  • Federal IT Applications: Assessing Government's Core Drivers

    In order to better understand the current state of external and internal-facing agency workplace applications, Government Business Council (GBC) and Riverbed undertook an in-depth research study of federal employees. Overall, survey findings indicate that federal IT applications still face a gamut of challenges with regard to quality, reliability, and performance management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • GBC Issue Brief: Supply Chain Insecurity

    Federal organizations rely on state-of-the-art IT tools and systems to deliver services efficiently and effectively, and it takes a vast ecosystem of organizations, individuals, information, and resources to successfully deliver these products. This issue brief discusses the current threats to the vulnerable supply chain - and how agencies can prevent these threats to produce a more secure IT supply chain process.

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download
  • Information Operations: Retaking the High Ground

    Today's threats are fluent in rapidly evolving areas of the Internet, especially social media. Learn how military organizations can secure an advantage in this developing arena.

    Download

When you download a report, your information may be shared with the underwriters of that document.