The Homeland Security Department (DHS) formally began sharing details of new digital threats with private business and other government agencies, a culmination of a longtime effort to improve cybersecurity. Under a new law, DHS programmed its systems to remove personally identifiable information that might be included that private companies might share. If information pertains to a specific threat of economic damage, death or serious injury or the effort to prosecute or prevent the exploitation of a minor, personal information may be passed on to other agencies.
Information sharing and analysis centers, which industry groups operate, will likely participate in the new program, DHS officials said. The platform, which is voluntary, will ingest indicators from government and private-sector sources, automatically remove unnecessary personally identifiable information, then disseminate the indicators to participants, reported the Wall Street Journal.
About 58 percent of respondents at a recent CIO Network conference said the new law would make it more likely for them to cooperate with the government if their systems were hacked, reported the Wall Street Journal. The initiative has about six participants spanning the energy and technology sectors, as well as both small and large companies, said Andy Ozment, DHS’ assistant secretary for cybersecurity and communications. Groups have begun testing their ability to share and receive indicators, but there is not yet sharing at a massive scale. Early adopters have an advantage, because their feedback can help shape the direction of the platform.
Rep. Michael McCaul, R-Texas, chairman of the House Committee on Homeland Security, praised the new effort following recent hacks against Sony Pictures Entertainment Inc. and the Office of Personnel Management. More than 21 million Americans had their personal information stolen in the OPM hack, which the U.S. believes was a Chinese espionage operation.