The Department of Homeland Security wants to create a social network that businesses can use to exchange advanced knowledge of cyberattacks, an effort that echoes what a number of private sector organizations have created but is intended to operate on a larger scale.
In a pre-solicitation statement, the agency said it wanted to develop software to help small and medium-sized businesses communicate with each other and identify hacking attempts.
“What does not yet exist is a peer-to-peer version of this reporting activity, where an organization can directly leverage related experiences of thousands of organizations and companies,” DHS said.
With the investment, the agency hopes that participating businesses have better internal risk assessment capabilities, outside context and more detailed information-sharing mechanisms.
The plan calls for the software to be released on GitHub with the hopes it will be used by current cyberthreat-sharing organizations.
There is value in having the DHS proposal be interoperable with threat-sharing organizations software so that systems can interact and share information more broadly, a spokesperson for the Cyber Threat Alliance, a private intelligence sharing tool, told Fifth Domain.
The new social network model also exhibits similarities to the Automated Indicator Sharing program, a hub of cyberattacks and hacks managed by the Department of Homeland Security that the federal government uses to share information with the private sector, but it is not clear how the two systems will interact.
The commonality the systems and proposals share is that they try to eliminate the possibility an attacker can use a virus more than once. Researchers have found that threat intelligence sharing can be a useful way for companies to defend against cyberattacks because attackers often use similar tactics and toolkits.
For example, the threat intelligence firm Crowdstrike has found that Chinese hackers often use the same tactics within a 24-hour period, so the ability to share the characteristics and possible code of a cyberattack could give government and military network administrators an indicator of how to cut off future attack vectors.