New senior DHS cyber official aims to deliver better data to threat analysts
The Department of Homeland Security’s new senior cybersecurity official has his marching orders: Streamline the reams of data collected by analysts at DHS’s Cybersecurity and Infrastructure Security Agency so it’s all more useful for tracking hackers.
“One of my top three priorities” will be “modernizing all of our data systems, tools, AI, and analytics,” Bryan S. Ware, CISA’s assistant director for cybersecurity said Tuesday in some of his first public remarks since being tapped for the role. CISA needs to move away from “legacy programs’ and toward “multi-cloud environments” to support its threat analysts, he said.
DHS officials are banking on Ware’s background as an artificial intelligence entrepreneur, and the data-crunching skills that come with it, to make the 1s and 0s that CISA receives from the private sector and intelligence community more intelligible to network defenders. This week, he succeeded Jeanette Manfra as DHS’s senior official focused exclusively on cybersecurity after Manfra left to join Google Cloud.
DHS has for years sought to improve threat information sharing with U.S. businesses. While officials are trying to share more quality information, some of the agency’s programs remain more popular than others. With its Automated Indicator Sharing program, for example, DHS has struggled to convince companies to send the department data.
CISA officials must also include more context with the threat data they send to public and private organizations because of malicious hackers’ penchant for deception, Ware said.
Ware explained the challenge before him: CISA has access to sensitive personal data in the private sector that it is unable share with intelligence agencies, he said. Meanwhile, CISA officials are continuously prodding those agencies to share more details that could be useful for major firms trying to fend off hackers.
“There are things the intelligence community has [that] we want to move down in classification so we can get indicators, for example, into systems that are used by commercial industry,” Ware said at the Data Cloud Summit presented by Cloudera and produced by FedScoop.
Meanwhile, CISA also needs to make sure it doesn’t drown in data, added Ware, a former executive at analytics company Haystax Technologies. The agency is sharing tens of millions of “indicators of compromise” — the digital fingerprints of a given attacker — with the private sector each week, he said, and has access to a deluge of other network data.
“Even with that volume, or maybe even sometimes because of that volume, it’s really hard to see things that are important,” Ware said.
Ware appealed for greater collaboration with the private sector, and with the federal agencies that CISA is charged with protecting. CISA’s actual visibility into the .gov domain used by other agencies is “fairly limited,” he said, meaning the cybersecurity agency needs others in government to share threats they’re seeing. “We sit at the gateways to those networks,” he said. “The departments and agencies have that visibility.”
