Under the terms of the Cybersecurity Act of 2015 (CISA), the Department of Homeland Security (DHS) has announced itself ready to launch its automated threat-sharing system, an automated cybersecurity intelligence exchange between private industries and other organizations. DHS’s Automated Indicator Sharing (AIS) system is a new tool that “DHS and other federal agencies will use to electronically [to] share cyberthreat data, in virtually real-time, with businesses, critical infrastructure partners, non-profits, academic institutions, foreign allies, Information Sharing and Analysis Centers (ISACs) and Information Sharing and Analysis Organizations (ISAOs).”
This new tool will play a crucial role in the implementation of CISA’s information sharing guidelines because, according to DHS, “when one participant detects a threat, all participants in AIS will learn about it,” making cyberthreat data sharing both instantaneous and widespread. This two-way sharing of cyber intelligence through AIS has officially been launched but, DHS has noted that the process will evolve as new entities join the “information-sharing ecosystem.” While CISA does guarantee civil, regulatory and antitrust liability when sharing cyberthreat information, many companies still remain hesitant to share such details with the government. The National Retail Federation, which has been a longtime supporter of CISA, expects the bill to play a crucial role in detecting and preventing cyberthreats and has stated, “Sharing information on cyberthreats will create an atmosphere of community vigilance that will ensure that consumers’ sensitive data is kept safe.”