Government Cyber Security Incident Data Base

Standard
ehackingnews dot com

Image: Ehackingnews.com

“NEXT GOV”

“Businesses could use the database to assess how their cyber practices stack up against competitors.

The federal government could upload its own cyber threat predictions.

The Homeland Security Department wants input on an idea for a broad cyber security incident database, accessible by members of the public and private sectors [and}admits there could be drawbacks to the idea, including a spike in the cost of insurance;  [In] a new white paper fleshing out the concept. 

Such a repository would ask participants to share specific but anonymized details about cyberincidents and threats, including details such as attack timeline, apparent goal and prevention measures.

Until the end of May, DHS is collecting comments on the concept and wants responses on three recent white papers it issued outlining benefits, obstacles and data points participants might be asked to contribute to the repository.

There are currently no concrete plans to build or manage that repository, DHS says, and the database could even be managed by a private organization.

But the current administration has long encouraged the public and private sectors to share more information about cyberthreats to prevent future incidents.

Last February, President Barack Obama issued an executive order directing DHS to promote “Information Sharing and Analysis Organizations” — sector- or subsector-specific groups sharing information about cyberthreats and practices, and “Information Sharing and Analysis Organizations” that would develop cyber standards.

DHS’ white papers suggest a shared repository could help organizations calculate the return on their investment in cybersecurity, helping to assess cyber risk. But “unintended consequences” of such a database include the fact that “aggregated data” showing the “total costs or impacts of certain types of incidents to certain industries” could drive up the insurance cost for common cyberincidents, DHS wrote.

The department is collecting comment on various points, including:

  • A description of the data points associated with cyberincidents that would be useful to other organizations
  • Potential benefits of a repository not mentioned in the white paper
  • Types of analysis that would be useful to a participating organization
  • Anticipated obstacles that could prevent the repository model from functioning smoothly
  • Why potential participants might say no to sharing this information”

http://www.defenseone.com/technology/2016/03/dhs-seeks-advice-building-cyber-attack-database/127038/?oref=d_brief_nl

 

Advertisements

About rosecoveredglasses

2 Tours in US Army Vietnam. Retired from 36 Years in the Defense Industrial Complex after working on 25 major weapons systems, many of which are in use today in the Middle East. Volunteer MicroMentor. I specialize in Small, Veteran-owned, Minority-Owned and Woman-Owned Businesses beginning work for the Federal Government. MicroMentor is a non-profit organization offering free assistance to small business in business planning, operations, marketing and other aspects of starting and successfully operating a small enterprise. You can set up a case with me at MicroMentor by going to: http://www.micromentor.org/ key words: "Federal Government Contracting"

2 responses »

  1. Pingback: Government Cyber Security Incident Data Base | #OdinWallace

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s