US deepens data sharing with banks to deflect cyber threats

By Cate Chapman on December 11, 2014

The Department of Homeland Security is expanding use of a method for “machine-to-machine” data sharing of cyber-threat indicators with the financial services industry.

Phyllis Schneck, deputy undersecretary for cybersecurity at the department’s National Protection and Programs Directorate (NPPD), said during a December 9 hearing of the Senate Committee on Banking, Housing and Urban Affairs that automated information sharing was “one of the most exciting things” to come out of efforts to strengthen the cybersecurity of the nation’s critical infrastructure.

With 85 percent of infrastructure in private hands in the US, such information sharing and “capability development partnership” were crucial to defense efforts, she said.

Two programs, Structured Threat Information eXpression (STIX) and Trusted Automated eXchange of Indicator Information (TAXII), are enabling banks and other financial services companies to block distributed denial of service attacks.

“There have been increasingly powerful DDoS incidents impacting leading US banking institutions in 2012 and 2013 and some high-profile media coverage of financial sector cybersecurity issues in 2014,” Schneck said.

The programs have allowed the department’s US Computer Emergency Readiness Team to identify 600,000 DDoS-related IP addresses, collect other information about attackers and relay it all to companies and foreign allies at “machine speed.” She said the team, which still relies on phone or email to notify some companies about threats, is increasing use of the programs.

US-CERT, along with the FBI and other agencies, also provides on-site technical assistance, or “boots on the ground,” to companies under attack. It works with federal civilian agencies to ensure systems are not vulnerable to takeover as a part of a botnet, or infected network, which is used by cybercriminals to deflect attribution in DDoS attacks.

Schneck also said her department is building a potential market for cyber insurance.

“We want to incentivize even the smallest companies to budget for cyber security,” she said.

Other initiatives include building a “Weather Map” of cyber conditions based on data “from agencies we protect, with full collaboration from our privacy and civil liberties experts,” as well as instituting an exercise program to test procedures for responding to a significant cyber incident in the financial services industry.