Auditor Reports Limited Progress in CISA’s Threat Information Sharing Program

The Cybersecurity and Infrastructure Security Agency made limited progress in improving the quality of threat information, an auditor said.

CISA uses a system called Automated Indicator Sharing to threat information between the government and the private sector, the Department of Homeland Security Office of Inspector General said.

A review of CISA’s performance in 2019 and 2020 showed that the quality of threat information that AIS participants received was not good enough.

According to stakeholder interviews by OIG, CISA’s threat indicators lacked the contextual information needed to make them helpful for decision makers.

OIG attributed the shortcoming to the AIS system’s limited functionality and lack of staffing, among other factors. The same issues were reported in an edition of the report for 2017 and 2018.

Inspectors general are required to conduct such an evaluation every two years to gauge agencies’ compliance with the Cybersecurity Information Sharing Act of 2015.

The DHS OIG did acknowledge CISA’s success in meeting the basic information sharing requirements of the Cybersecurity Information Sharing Act.

For the shortcomings, OIG recommended that the agency complete system upgrades, improve its staff training and recruitment efforts, encourage compliance with information sharing agreements and develop a formal reporting process.

CISA concurred with all four recommendations. The agency added that it increased the number of federal AIS participants by 15 percent and the number of non-federal participants by 13 percent across 2019 and 2020.