The Department of Homeland Security‘s U.S. Computer Emergency Readiness TeamÂ plans to implement a new approach to cybersecurity information sharing through automation, Federal News Radio reported Thursday.
Jason Miller writes that US-CERT Deputy DirectorÂ Brad Nix said the agencyÂ will use the Structured Threat Information eXpression andÂ Trusted Automated eXchange of Indicator InformationÂ technical specifications within the next few months.
NixÂ told the station that STIX and TAXII will work alongside existingÂ standards to support a structured cloud-based information-sharing program.
“The idea behind the use of the cloud for the STIX/TAXII server is to enable the access to the information with the appropriate level of control so that organizations can submit information but also can retrieve information that is relevant to them,” he said.
“We want to set up an environment that is risk rated at the right level to facilitate the sharing of information, but still provides the appropriate levels of confidentiality, integrity and availability controls that would be required for an organization that actually depends on the information.”
Miller reports that DHS has been testing STIX and TAXII for the past two years.
Nix noted that the department also continues to work toward greaterÂ trust between the private and public sectors through theÂ Cyber Information Sharing and Collaboration Program.