The Automated Indicator Sharing (AIS) network of the Department of Homeland Security (DHS) enables the sharing of cyberthreat indicators among federal government agencies and private sector organizations. These indicators can be anything from IP addresses deemed to be malicious to the address of a sender of phishing emails.

Information Sharing Is Vital to Security

The DHS states that sharing of cyberthreat information is vital to protecting the nation, and critical infrastructure in particular. By sharing indicators through the AIS network, criminals will only be able to use a particular attack pattern once, increasing the cost and burden of launching attacks. Since participating organizations are collaborating for the common good, it’s easier and quicker to build up threat indicator information and share it among participants.

Participants in the AIS network, which is free, connect to a system in the DHS National Cybersecurity and Communications Integration Center via a dedicated server on their own premises for bidirectional sharing of information, allowing them to both share and receive information related to threat indicators they’ve seen. The network leverages the STIX and TAXII standards for exchanging cyberthreat information.

The network places an emphasis on speed and volume, aiming for threat indicators to be shared as widely and quickly as possible so as not to delay any potential response when attacks occur. Although it’s up to participants to validate the accuracy and severity of threat indicators, a reputation score is assigned to indicators once more information about them becomes available.

Participation Expands

The AIS network was launched in October 2015 and has now grown to some 50 participating organizations, around 40 of which are from the private sector. The network offers liability protection for those providing threat indicator information and allows participating organizations to share information anonymously if they prefer. If an entity wants to share information with the government but isn’t comfortable doing it itself, it can do so through one of the participating organizations.

As with any network, its value increases as more participants sign up and start using it. The network was set up as a result of the passing of the Cybersecurity Information Sharing Act of 2015, which aimed to encourage security information sharing between the public and private sectors. The network was set up quickly, and DHS released guidelines in June for private sector companies that wish to participate. To increase its effectiveness, the goal now is to further develop its capabilities and encourage wider participation.

Information sharing is crucial to protecting your enterprise from cyberattack. Here are some key cybersecurity issues, and what your business can do to overcome them.

Posts By

Fran Howarth

Fran Howarth is an industry analyst specializing in security. She has worked within the security technology sector for over 25 years as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include mobile security, cloud security, information governance and data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Follow Fran on Twitter: @FranNL

View more posts by Fran Howarth