Security Experts:

DHS to Share Zero-Day Intelligence

The U.S. Department of Homeland Security (DHS) is developing a system that will enable classified vulnerability data to be shared with the private sector. The information, primarily Zero-Day vulnerability data, will be sold via a select group of service providers.

To date, Raytheon, AT&T, and Northrop Grumman have been tapped to broker the Zero-Day data from the government to the private sector. The program, called Enhanced Cybersecurity Services, expands on President Obama’s order earlier this year to increase the level of information sharing between the government and private sector as it relates to cybersecurity.

During the Reuters Cybersecurity Summit last week, DHS Secretary Janet Napolitano said that the service was a way to share information about known vulnerabilities that may not be commonly available. Backing her statements, House Intelligence Committee Chairman Mike Rogers said he was glad about the plan to share vulnerability data.

“This can't happen if you post it on a website. We have to find a forum in which we can share it, and 10 providers serve 80 percent of the market. We have classified relationships with a good number of them.”

Pricing for the information sharing service will be determined by the provider and organizations of any size could participate, but they’ll first need to be categorized as critical infrastructure.

“Most obviously, the U.S. government wants it both ways,” Andrew Braunberg, research director for NSS Labs, said in a statement to CSO.

“They don't really want these vulnerabilities to disappear because they want to use them offensively, but they don't want the same vulnerabilities to allow hacking of U.S. assets.”

Experts have warned that zero-day threats are just one small part of a very large picture, expressing their desire to see the government do more. Others have noted that the notion of price turns the program into a protection racket.

“Threat intelligence sharing has been shown to strengthen network defenses, which is why enterprises should take advantage this step forward,” Lila Kee, chief product and marketing officer of GlobalSign, said in an email to SecurityWeek.

“It is also important to remember that sharing alone is not enough. Hopefully, in cases such as this, the exchange of intelligence will allow organizations to develop a more proactive and nimble approach to patch management that can be used to improve defensive postures.”

view counter
Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.