A major information-sharing program at the lead federal cybersecurity agency has stumbled mightily because of security concerns involving the agency, according to the Department of Homeland Security’s inspector general. 

America has faced a deluge of hacks and ransomware attacks against critical infrastructure systems in recent years and a new watchdog report revealed that the Cybersecurity and Infrastructure Security Agency’s problematic security may have played a critical role.  

CISA is responsible for sharing cyber threat indicators (CTI) to help digital defenders protect critical networks from hostile attacks. 

---

---

The agency’s Automated Indicator Sharing (AIS) program was designed to communicate real-time threat information and necessary defensive measures, but it hit some major obstacles, the IG investigation found. 

The inspector general said last week the cyber agency’s sharing of threat indicators dropped 93% from 2020 to 2022 “because a key federal agency stopped sharing CTIs due to unspecified security concerns with transferring information from its current system to AIS.”

The cyber agency’s security posture was not the only problem. The new IG report said the cyber agency did not determine the program’s cost and struggled to recruit and retain participants, making it difficult for auditors to determine how taxpayer funds should have been spent.

“Insufficient participation in AIS, along with the reduction in CTIs, has impeded CISA’s ability to facilitate the sharing of cyber threats in real-time,” the watchdog report said. “As a result, AIS stakeholders may be unable to identify and mitigate new cyber threats, potentially putting the nation’s critical infrastructure at risk.” 

The agency that raised concerns about CISA’s program is not named in the inspector general’s report. 

CISA often publishes advisories about cyberattackers and their tactics, techniques and procedures alongside its U.S. partners at the FBI and the National Security Agency. 

For example, the three U.S. agencies partnered with several foreign governments in September to warn that Russian military cyberattackers were targeting U.S. infrastructure, among other victims. The FBI, NSA and CISA said a Russian military unit that previously attempted coups and assassinations had expanded its purview to include offensive cyber operations. 

Under President Biden, CISA created a new unit called the Joint Cyber Defense Collaborative to allow national security and law enforcement agencies to work more closely with tech firms to battle hackers. 

Security concerns about CISA’s systems and processes are likely to persist alongside new structures designed to foster better information-sharing. 

CISA officials acknowledged earlier this year that hackers got access to details of its Chemical Security Assessment Tool, which collects information from facilities with chemicals that could be used for harm by terrorists. 

Almost six months after the hackers breached CISA, the agency told potential victims that the federal government did not know the extent of the damage.

The inspector general report published last week said CISA accepted the watchdog’s recommendations, which included creating a strategy to find and keep participants for its info-sharing program and to make plans for how to spend and document its use of taxpayer dollars.