The Department of Homeland Security’s office of inspector general has recommended that the Cybersecurity and Infrastructure Security Agency enable accurate reporting by establishing a process to verify the number of cyberthreat indicators and defensive actions being shared through CISA’s Automated Indicator Sharing platforms.
CISA should also come up with a new approach to encourage federal agencies and industry to comply with data sharing requirements and agreements to help improve information sharing under the Cybersecurity Act of 2015, the OIG said in an Aug. 16 report.
The inspector general made the recommendations after it found deficiencies in the quality of data shared with AIS participants, including the lack of contextual information in cyberthreat indicators.
“Deficiencies in the quality of threat information shared among AIS participants may hinder the Federal Government’s ability to identify and mitigate potential cyber vulnerabilities and threats,” the OIG report reads.
The inspector general also called on CISA to complete AIS 2.0 upgrades and prioritize the recruitment of operational and administrative staff to carry out strategic planning, performance measurement and analysis in order to mitigate cyber risks.