Inside Cybersecurity

October 23, 2021

Daily News

Cyber Solarium leader highlights threat information collaboration included in House defense bill

By Charlie Mitchell / September 7, 2021

The House version of the annual defense policy bill that cleared committee last week includes “key cybersecurity and critical infrastructure protection” pieces, according to Cyberspace Solarium Commission senior advisor Mark Montgomery, including language to further CISA’s work on establishing a “collaboration environment” for government-industry information sharing.

“The proposed creation of a Cyber Threat Information Collaboration Environment in the [House Armed Services Committee bill] is a recognition that to enhance cooperation with the private sector, the U.S. government needs a better way to share actionable cyber threat information,” Montgomery told Inside Cybersecurity. Montgomery is a senior director for the Foundation for Defense of Democracies, in addition to his work with the Solarium Commission.

The House Armed Services panel last week completed its markup of the fiscal 2022 National Defense Authorization Act, sending it to the House floor. Timing for a floor vote has yet to be set. The Senate Armed Services Committee marked up its version of the NDAA in July and did not include the cyber collaboration environment language.

Mark Montgomery

Mark Montgomery, Senior Advisor, Cyberspace Solarium Commission

Inclusion of the language on info-sharing collaboration comes as the Cybersecurity and Infrastructure Security Agency pushes ahead with its Joint Cyber Defense Collaborative, an effort formally unveiled by Director Jen Easterly Aug. 5 at the Black Hat conference.

The Cyber Threat Information Collaboration Environment language in the House defense bill “will also be a critical element of the Joint Cyber Defense Collaborative at CISA,” Montgomery said. “The JCDC aims to coordinate cyber defense planning and response capabilities across the government and with industry. In support of this, last year’s NDAA stood up the first two pillars of JCDC by creating the Joint Cyber Planning Office and the Integrated Cybersecurity Center. This new effort represents a third pillar.”

The House bill would create a “Cyber Threat Data Standards and Interoperability Council” chaired by the Secretary of Homeland Security “to establish data standards and requirements for public and private sector entities to participate in the information collaboration environment,” according to Section 1501 of the bill text.

The collaboration environment would:

(1) provide limited access to appropriate and operationally relevant data from unclassified and classified intelligence about cybersecurity risks and cybersecurity threats, as well as malware forensics and data from network sensor programs, on a platform that enables query and analysis;

(2) enable cross-correlation of data on cybersecurity risks and cybersecurity threats at the speed and scale necessary for rapid detection and identification;

(3) facilitate a comprehensive understanding of cybersecurity risks and cybersecurity threats; and

(4) facilitate collaborative analysis between the Federal Government and private sector critical infrastructure entities and information and analysis organizations.

It calls for CISA within six months of enactment to “(A) identify, inventory, and evaluate existing Federal sources of classified and unclassified information on cybersecurity threats; (B) evaluate current programs, applications, or platforms intended to detect, identify, analyze, and monitor cybersecurity risks and cybersecurity threats; and (C) coordinate with private sector critical infrastructure entities and, as determined appropriate by the Secretary of Homeland Security, in consultation with the Secretary of Defense, other private sector entities, to identify private sector cyber threat capabilities, needs, and gaps.”

In another development related to Solarium recommendations, House Homeland Security ranking member John Katko (R-NY) said during a hearing that he plans to introduce legislation “in the next few days” on designating “Systemically Important Critical Infrastructure,” known as SICI.

“One of the things that drew me to this committee … is the fact that there's a spirit of bipartisanship here. And there's a spirit of teamwork here that is manifesting itself again today,” Katko said during the hearing on the cyber incident reporting bill he is cosponsoring with cyber subcommittee Chairwoman Yvette Clarke (D-NY). “But going forward, there's a lot of other things like my Systemically Important Critical Infrastructure bill and many others that are going forward. And I hope we can have the same type of teamwork on that as well.”

Creating a SICI designation with responsibilities and benefits specifically for such operators was a recommendation in the Solarium Commission’s March 2020 report.

Montgomery commented, “I’m excited to see what Rep Katko is putting forward as legislation for identifying and working with Systemically Important Critical Infrastructure. It is clear that the federal government needs to work with industry to identify the most important critical functions and develop a process for working with the private sector and state and local entities to secure these systems against significant threat actors.” -- Charlie Mitchell (