Those sectors were Financial Services, Defense Industrial Base, Communications, and
Information Technology. The participating companies funded the pilot and established a set of
objectives and performance measures prior to the launch. This effort was pursued with the full
expectation of applying lessons learned to a joint, integrated, public-private operational effort, as
recommended by NSTAC to the President.
The volunteer subject matter experts included technical and policy professionals, but mostly
experienced cyber practitioners. The group developed a concept of operations and built a set of
standard operating procedures. After appropriate research, a decision was made to partner
with the Financial Services Sector ISAC to create a compartment on their established portal to
leverage the relational database for receipt of anonymized data flows from the ISACs supporting
each of the four sectors.
Those data flows would initially derive from the member companies who identified abnormal,
anomalous, or even malicious behavior in the environment based on a developed matrix of
relevant information to be included in the analysis effort. The information was initially reviewed
and analyzed by the technical experts at the ISACs, anonymized, and then forwarded to the
JCC for further review.
Two dedicated cyber analysts would then examine and fuse the information in an effort to
identify patterns and trends of cyber activity of concern that would prompt issuance of
appropriate alerts and warnings, and even recommended protective measures that would
then be distributed across the membership of the participating ISACs, companies, and
organizations. This cross-sector effort was joint, integrated, and coordinated on a regular basis
with the JCC analysts, the ISAC analysts, and the participating cyber practitioners.
Those issued notices would continue to be updated as more information became available or
the matter was resolved. Access was limited to credentialed participants and a Traffic Light
Protocol was utilized to identify the sensitivity level of the information submitted or distributed.
At the conclusion of the pilot, the evaluation demonstrated a significant success, meeting or
exceeding the performance measures established at the beginning. There were several
examples with empirical evidence of the ability to identify an issue in one sector that had an
impact in multiple sectors, and the early warning capability was able to improve detection,
prevention, mitigation, and response.
Throughout the pilot effort, updates were provided to DHS in anticipation of taking the findings
and results and applying them to the joint, collaborative, and integrated effort with the
government to achieve the vision of the JCC as manifested in the construct of the NCCIC.
However, that step never materialized as the Department of Homeland Security opted instead to
pursue a path of one-off engagements with private sector entities, invited by DHS in a
non-transparent manner, through a Cooperative Research and Development Agreement (CRADA)
instrument.
Cyber Warnings E-Magazine – March 2015 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide