Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

DHS to Share Zero-Day Intelligence

The U.S. Department of Homeland Security (DHS) is developing a system that will enable classified vulnerability data to be shared with the private sector. The information, primarily Zero-Day vulnerability data, will be sold via a select group of service providers.

The U.S. Department of Homeland Security (DHS) is developing a system that will enable classified vulnerability data to be shared with the private sector. The information, primarily Zero-Day vulnerability data, will be sold via a select group of service providers.

To date, Raytheon, AT&T, and Northrop Grumman have been tapped to broker the Zero-Day data from the government to the private sector. The program, called Enhanced Cybersecurity Services, expands on President Obama’s order earlier this year to increase the level of information sharing between the government and private sector as it relates to cybersecurity.

During the Reuters Cybersecurity Summit last week, DHS Secretary Janet Napolitano said that the service was a way to share information about known vulnerabilities that may not be commonly available. Backing her statements, House Intelligence Committee Chairman Mike Rogers said he was glad about the plan to share vulnerability data.

“This can’t happen if you post it on a website. We have to find a forum in which we can share it, and 10 providers serve 80 percent of the market. We have classified relationships with a good number of them.”

Pricing for the information sharing service will be determined by the provider and organizations of any size could participate, but they’ll first need to be categorized as critical infrastructure.

“Most obviously, the U.S. government wants it both ways,” Andrew Braunberg, research director for NSS Labs, said in a statement to CSO.

“They don’t really want these vulnerabilities to disappear because they want to use them offensively, but they don’t want the same vulnerabilities to allow hacking of U.S. assets.”

Experts have warned that zero-day threats are just one small part of a very large picture, expressing their desire to see the government do more. Others have noted that the notion of price turns the program into a protection racket.

“Threat intelligence sharing has been shown to strengthen network defenses, which is why enterprises should take advantage this step forward,” Lila Kee, chief product and marketing officer of GlobalSign, said in an email to SecurityWeek.

“It is also important to remember that sharing alone is not enough. Hopefully, in cases such as this, the exchange of intelligence will allow organizations to develop a more proactive and nimble approach to patch management that can be used to improve defensive postures.”

Written By

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Cyberwarfare

Websites of German airports, administration bodies and banks were hit by DDoS attacks attributed to Russian hacker group Killnet

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Network Security

NSA publishes guidance to help system administrators identify and mitigate cyber risks associated with transitioning to IPv6.

CISO Strategy

Cybersecurity-related risk is a top concern, so boards need to know they have the proper oversight in place. Even as first-timers, successful CISOs make...

Management & Strategy

Industry professionals comment on the recent disruption of the Hive ransomware operation and its hacking by law enforcement.

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Cloud Security

VMware vRealize Log Insight vulnerability allows an unauthenticated attacker to take full control of a target system.