CISA Aims to Enhance Data Quality, Threat Mitigation
The IG report found that while CISA “has increased the number of cyberthreat indicators and defensive measures shared with program participants,” the AIS information “did not contain enough detail to fully mitigate potential threats.”
Specifically, the report found that “AIS indicators shared with participants did not contain actionable information, including sufficient context or background details to effectively protect Federal and private networks.” The IG report said that examples of contextual information may include IP addresses, domain names or hash files, “which may be helpful for determining the appropriate course of action to mitigate threats against networks.”
As Nextgov reports, “while there were a lot of participants willing to take relevant information, there were very few willing to give it,” leading to poor data quality. The report recommends that CISA “place priority on hiring administrative and operational staff needed to conduct outreach, training, and performance measurement to improve the AIS program’s operational effectiveness.”
In addition to creating the national information sharing strategy, CISA says it plans to “build out and formalize AIS with structure and resources to better manage its indicator sharing and threat information sharing activities.” CISA also expects to complete a “Cyber Threat Information Sharing Roadmap” by the end of 2020, “which will outline the approach needed to improve the operational effectiveness of AIS.”
Meanwhile, in late September, CISA released an update to its action plan for improving federal cybersecurity in fiscal years 2020 and 2021. CISA says its goal, by Sept. 30, is to mitigate 75 percent of “critical and high configuration-based vulnerabilities identified through high value asset assessments” within 30 days.
To help do so, CISA says it will “deliver tools and technical support to fill critical gaps in agencies’ cybersecurity capabilities and leverage policy directives and authorities to establish requirements and expectations for timely mitigation of vulnerabilities.” Those tools will include CDM, cyber hygiene scanning and high-value asset assessments.
CISA also says it will help agencies better manage cybersecurity risks “by tracking exposure to threats and heightening awareness of assets, users, and events on their networks to support risk informed cybersecurity decisions and actions.” Another core strategy at CISA will be to “defend the federal enterprise and target its efforts toward identifying and preventing the most significant threats through analysis, alerts, and intrusion detection and prevention technologies.”
What Is Next for the CDM Program?
In terms of the CDM program itself, CISA is aiming to improve both agency and federal-level dashboards that collect cybersecurity information. The agency wants to improve the quality of the data flowing into the dashboards, MeriTalk reports.
Kevin Cox, the CDM program manager, spoke about CISA’s goals for the program during a virtual event on Sept. 29 organized by Federal News Network.
Improving the dashboards “really opens everything up for us from a scalability viewpoint,” Cox said, according to MeriTalk. “And it opens things up for agencies by ten-fold, or even 100-fold,” he said.
Enhanced dashboard infrastructure, Cox said, will “help agencies with risk management, getting in front of risk, and understanding risk.”
Cox added that CISA wants “to ensure that the quality of the data coming up from the sensors is there, and then really operationalize the data” to help agencies better understand their cybersecurity risks.