The Cybersecurity and Infrastructure Security Agency plans to have a national strategy in place to increase the quality of cyber threat information shared by all parties within the year.
“CISA will build its national cyber threat information sharing strategy in collaboration and coordination with its partners and stakeholders,” reads the agency’s response to a recent Department of Homeland Security Inspector General report on the issue. “This national strategy is projected to be completed during the fourth quarter of FY 2021. The estimated completion date is September 30, 2021.”
The IG found that while CISA had implemented the basic requirements of a 2015 information sharing law—critics at the time decried the Cybersecurity Information Sharing Act as being more about surveillance than security—it made “limited progress” on that front during 2017 and 2018. While there were a lot of participants willing to take relevant information, there were very few willing to give it, the report said, leading to poor overall quality of the data in CISA’s Automated Indicator Sharing system.
“The limited number of participants that share cyber threat information in AIS is…
