Information sharing is essential to the protection of critical infrastructure and to furthering cybersecurity for the nation. As the lead federal department for the protection of critical infrastructure and the furthering of cybersecurity, the Department of Homeland Security (DHS) has developed and implemented numerous information sharing programs. Through these programs, DHS develops partnerships and shares substantive information with the private sector, which owns and operates the majority of the nation’s critical infrastructure. DHS also shares information with state, local, tribal, and territorial governments and with international partners, as cybersecurity threat actors are not constrained by geographic boundaries.
National Cybersecurity and Communications Integration Center (NCCIC)
DHS’s National Cybersecurity and Communications Integration Center (NCCIC) is a 24/7 cyber situational awareness, incident response, and management center that is a national nexus of cyber and communications integration for the federal government, intelligence community, and law enforcement. The NCCIC shares information among public and private sector partners to build awareness of vulnerabilities, incidents, and mitigations.
Cyber Information Sharing and Collaboration Program (CISCP)
The Cyber Information Sharing and Collaboration Program (CISCP) is DHS’s flagship program for public-private information sharing. In CISCP, DHS and participating companies share information about cyber threats, incidents, and vulnerabilities. Information shared via CISCP allows all participants to better secure their own networks and helps support the shared security of CISCP partners. Further, CISCP provides a collaborative environment where analysts learn from each other to better understand emerging cybersecurity risks and effective defenses.
Enhanced Cybersecurity Services (ECS)
Enhanced Cybersecurity Services (ECS) is a voluntary information sharing program that helps U.S.-based public and private entities protect their systems from unauthorized access, exploitation, or data exfiltration. DHS works with cybersecurity organizations from across the federal government to gain access to a broad range of sensitive and classified cyber threat information. DHS develops indicators based on this information and shares them with qualified Commercial Service Providers (CSPs), thus enabling them to better protect their customers.
Information Sharing and Analysis Centers (ISACs)
Sector-specific Information Sharing and Analysis Centers (ISACs) are non-profit, member-driven organizations formed by critical infrastructure owners and operators to share information between government and industry. While the NCCIC works in close coordination with all of the ISACs, a few critical infrastructure sectors maintain a consistent presence within the NCCIC.
The Multi-State Information Sharing and Analysis Center (MS-ISAC) receives programmatic support from and has been designated by DHS as the cybersecurity ISAC for state, local, tribal, and territorial (SLTT) governments. The MS-ISAC provides services and information sharing that significantly enhances SLTT governments’ ability to prevent, protect against, respond to and recover from cyberattacks and compromises. DHS maintains operational-level coordination with the MS-ISAC through the presence of MS-ISAC analysts in the National Cybersecurity and Communications Integration Center (NCCIC) to coordinate directly with its own 24x7 operations center that connects with SLTT government stakeholders on cybersecurity threats and incidents.
In addition to the MS-ISAC, representatives of the Communications ISAC maintain a presence at DHS through the NCCIC’s National Coordinating Center for Communications (NCC), with resident members from the nation’s major communications carriers on site. The Financial Services Information Sharing and Analysis Center (FS-ISAC) and the Aviation Information Sharing and Analysis Center (A-ISAC) also maintain a presence within the NCCIC.
Information Sharing and Analysis Organizations (ISAOs)
Like Information Sharing and Analysis Centers (ISACs), the purpose of Information Sharing and Analysis Organizations (ISAOs) is to gather, analyze, and disseminate cyber threat information, but unlike ISACs, ISAOs are not sector-affiliated. Executive Order 13691 – Promoting Private Sector Cybersecurity Information Sharing calls for the development of ISAOs in order to promote better cybersecurity information sharing between the private sector and government, and enhance collaboration and information sharing amongst the private sector.
DHS is responsible for the execution of Executive Order 13691. Its role is threefold: DHS will select, through an open and competitive process, a non-governmental organization to serve as the ISAO Standards Organization, which will identify a set of voluntary guidelines for the creation and functioning of ISAOs; DHS will engage in continuous, collaborative, and inclusive coordination with ISAOs via its NCCIC; and DHS will develop a more efficient means for granting clearances to private sector individuals who are members of an ISAO via a designated critical infrastructure protection program.
This new ISAO model complements DHS’s existing information sharing programs and creates an opportunity to expand the number of entities that can share threat information with the government and with each other, reaching those who haven’t necessarily had the opportunity to participate in such information sharing.
Automated Indicator Sharing
DHS is leading a community effort to accelerate information sharing between network defense and incident response organizations and communities around the world. This new initiative, available through the NCCIC, is called Automated Indicator Sharing (AIS) . AIS connects participating organizations to a DHS-managed system that allows bi-directional sharing of cyber threat indicators, helping to build a common, shared knowledge of current cyber threats. By automating the sharing of anonymized actionable indicators in real (or near-real) time, AIS enables improved situational awareness about emerging threats and facilitates rapid detection, prevention, and mitigation of threats without compromising the trust and confidentiality of participants.
Protected Critical Infrastructure Information Program (PCII)
The Protected Critical Infrastructure Information (PCII) Program is an information-protection program that enhances voluntary information sharing between infrastructure owners and operators and the government. PCII protections mean that homeland security partners can be confident that sharing their information with the government will not expose sensitive or proprietary data.