The Cybersecurity and Infrastructure Security Agency (CISA) said that it will begin a two-year strategic effort to modernize its approach to enterprise cyber threat information sharing in 2024 “to maximize value to our partners and keep pace with a changing threat environment.”
According to a Dec. 18 blog post by CISA Associate Director Michael Duffy, the cybersecurity agency plans to “refocus and consolidate our customer-facing cyber threat intelligence offerings under a new initiative called Threat Intelligence Enterprise Services (TIES).”
“The TIES Exchange Platform will unify our information sharing capabilities under a single banner for federal agencies and certain user communities, enabling streamlined provision of cyber threat information from our partners and commercial sources,” Duffy writes. “This will offer a common view which will facilitate communications and enable threat-specific engagement.”
The agency noted that as it designs and implements the TIES program, it is working in parallel to modernize its decade-old Automated Indicator Sharing (AIS) capability which, in the future, will further complement CISA-curated threat feeds made available by this shared service platform.
“AIS was established to satisfy legislative requirements and to provide stakeholder communities with a cost-effective means by which to exchange cyber threat indicators and defensive measures with CISA and, in doing so, with thousands of cybersecurity practitioners across the country and with partners across the globe,” the blog post reads. “When it was first established, AIS was a novel model that helped many organizations around the world. But now, it’s time for a change.”
“When AIS was first designed, the U.S. Government was focused on filling an identified gap in cyber threat intelligence for many organizations and ensuring strong privacy controls. In the early days of AIS, the priority was speed,” the agency continued, adding, “A decade later, the cybersecurity industry has matured substantially; current products and services are addressing information requirements for most organizations and, in an era of information overload, practitioners still require speed but value context, precision, and tailored insights over volume and velocity alone.”
CISA’s AIS platform has come under fire from the Department of Homeland Security’s Office of the Inspector General, writing in 2022 that the service has failed to consistently provide adequate cyber threat indicators to participants for threat mitigation. The IG said those deficiencies in the quality of threat information sharing among AIS participants – which includes 52 Federal agencies – could hinder the Federal government’s ability to identify and mitigate potential cyber vulnerabilities and threats.
CISA said the process to implement the new TIES program will revolve around partner-centered design, including Federal agencies, critical infrastructure organizations, and state, local, tribal, territorial governments “to ensure that we are adding value rather than duplicating capabilities.” The agency said it plans to continuously seek feedback and ensure the TIES platform itself is built around human-centered design principles to enable ease-of-use even for under-resourced organizations.
Finally, CISA said it will focus the new TIES platform on “rigorously” learning from known challenges with the legacy AIS system while focusing on some of AIS’s successes, like privacy and confidentiality by design.
“Our goal is to facilitate collective, automated cyber defense through increased sharing and context, shaped by an acute understanding of the threat environment,” Duffy concludes. “While CISA implements this transition over the next two years, the AIS program will remain available, and we encourage users to continue leveraging this capability and actively share indicators back with CISA.”