From: ISE.gov | An Information Sharing Environment Bulletin
By: Kshemendra Paul, ISE Program Manager
Cyberattacks, resilience of critical infrastructure, and related cybersecurity concerns are escalating at exponential rates, and so are the many governmental programs attempting to mitigate the risks for all citizens as well as government and industry. As a wide range of threats expand, and cyberterrorists, cybercriminals and other nefarious actors transform their capabilities into new forms of attack, the demand for faster and more effective responses and ways of prevention grow as well. Cybersecurity programs are in place throughout many federal agencies, state/local organizations and consortia, and my office is prioritizing its efforts on cyber information sharing efforts that focus on the domestic nexus of national security and public safety.
Recently, the Criminal Intelligence Coordinating Council (CICC) released a call to action document intended to equip state, local, tribal, and territorial (SLTT) law enforcement partners with useful tools to investigate cybercrimes and train appropriate agency personnel to tackle cybercrime issues.
This evolution of the threat to the critical infrastructure in the US is fast becoming the major concern of homeland security officials at all levels of government. The ability for cyber-attacks to disrupt our infrastructure and financial systems is an obvious tool for potential terrorists that would have far-reaching consequences to America and our allies. In a fact sheet distributed at the White House Summit on Cybersecurity and Consumer Protection, it was noted that “Cybersecurity is a shared responsibility. The Federal government has the responsibility to protect and defend the country and we do this by taking a whole-of-government approach to countering cyber threats. This means leveraging homeland security, intelligence, law enforcement, and military authorities and capabilities, which respectively provide for domestic preparedness, criminal deterrence and investigation, and our national defense.”
In its role of coordinating efforts to improve information sharing, the Program Manager for the Information Sharing Environment (PM-ISE) continues to support better coordination among federal, SLTT, and international communities as well as the private sector. PM-ISE exercises its convening authority to facilitate joint development of standards for information sharing in the form of common formats for sharing incident information and urging the participation of the public and private sector in sharing such information. The prime focus for our efforts is to support ISE partners in the domestic nexus of national security and public safety – primarily but not exclusively state and local law enforcement and homeland security and their federal and private sector partners – to improve their capabilities and to leverage their investments over the past decade in terrorism-related responsible information sharing.
The National Governors’ Association (NGA) highlighted this approach, to suggest that fusion centers could be the central point for developing responses to cyber-attacks. In an issue paper associated with a Cybersecurity Summit that assembled the Governor’s cybersecurity team across 54 States and Territories that PM-ISE supported, the NGA suggested that “Fusion centers serve as a critical junction for state, federal, and private-sector intelligence collection, analysis, and dissemination. Similar to counterterrorism or disaster response, those centers play a critical role in mitigating and responding to cyber threats, sharing actionable intelligence about the latest attack and threat trends and strategies and enabling preventative action by state information security professionals. In addition, fusion centers can act as a center for coordinating the response to, and investigation of, cybercrimes and cyber intrusions against state assets and critical infrastructure.”
Mike Sena, President of the National Fusion Center Association, writes in a blog post about how fusion centers and the private sector are collaborating in the development of mutual standards for exchanging information and engaging this community of interest in collaborative ventures to prevent and respond to cyber-attacks.
I’ve written before on the role of the ISE in cybersecurity and highlighted the Fusion Center Cyber Pilot that Mike Sena referenced in his post. Increasingly, the work of the PM-ISE is that of convening stakeholders to come to rational conclusions about how to collaborate, share information, and respond more quickly to potential and actual attacks. As LTC Ray Guidetti, New Jersey State Police Deputy Superintendent of Investigation and chair of the Association of State Criminal Investigative Agencies (ASCIA) Cybersecurity committee, noted in his blog post, deconfliction remains a major issue across government and industry, and everyone needs to be a responsible party to the discussion. Standards for exchanging information on cyber events are critical components of our understanding of the extent and nature of the problems we face. We have an aggressive portfolio to address the cyber coordination and collaboration effort by focusing our energies on facilitating policy development, connecting communities of interest, and building capacity.
Over the past several years, PM-ISE used its power to convene interagency stakeholders to tackle cyber-related topics, identify, validate, and implement the information sharing requirements and architecture among the Federal Cyber Centers. Out of these facilitated sessions and working group efforts, this group marshalled the April 2015 issuance of the cyber community’s first cross-government Multilateral Information Sharing Agreement (MISA) by representatives from DOD, DHS, DOJ, the IC, and DOE. The MISA is an agreement by participants to work collaboratively to enhance cybersecurity information sharing among federal departments and agencies, with a particular focus on information exchange between network devices.
In addition, the PM-ISE sponsored the development of the International Association of Chiefs of Police’s (IACP) Law Enforcement Cyber Center which launched in May 2015 and is linked to the Fusion Center Cyber Pilot mentioned above. The purpose of the center is to speak to the needs of the Chiefs of Police and decode/de-mystify cybersecurity, by providing resources for them across job types and job functions. The outcome of the center is to identify methods to link existing agency cyber-crime units with regional/national cybercrime operational groups such as the Federal Bureau of Investigation’s (FBI) Cyber Task Forces (NCIJTF). The project will assist law enforcement in providing prevention, education, and information to citizens who are likely targets of cybercrime. Partner agencies on the Law Enforcement Cyber Center include: NFCA, IACP, DHS, CIS, BJA, RAND, PERF, and PM-ISE.
Increased investment and capacity in the cybersecurity mission space by state, local governments and Fusion Centers, as well as advancement by state and local law enforcement organizations, to conduct investigations in cyberspace brings about increased risk for investigational fratricide, and compromise and exposure of on-going investigations and intelligence operations. PM-ISE is actively engaged in the work toward developing the means for deconflicting these operations and investigations. An effort to begin gathering a common set of data on cyber incidents has been proposed in a unified message from multiple participating agencies. Such a system is essential for deconfliction to become a reality.
These challenges will grow more complex in 2016 as we see the evolution of greater mobility and the introduction of the internet of things, and the ability of the PM-ISE to foster improved collaboration across all domains will become a critical component of our national response.