- There are some significant privacy concerns to be worked out with the Automated Indicator Sharing initiative, according to an assessment released Tuesday by the Department of Homeland Security.
- The Automated Indicator Sharing initiative is an automated system intended to allow private companies to share cyberthreat indicators with the federal government without impacting privacy by stripping personally identifiable information (PII) out of the shared data.
- The system falls under the Cybersecurity Information Sharing Act (CISA), which became law last December, and was placed under the umbrella of the Department of Homeland Security.
CISA requires any personally-identifiable information that is shared through the program to be directly related to a cybersecurity threat. But the report found "residual privacy risk that these processes may not always identify and remove unrelated PII, thereby disseminating more PII than is directly related to the cybersecurity threat.”
CISA sets up incentives for businesses to share threat information with each other and government agencies and would eventually result in tools to protect both business and government networks. The Automated Indicator Sharing system is designed to work via machine-to-machine connections that share threat information in a common format over a common platform.
CISA raised significant opposition from both privacy organizations and tech companies, including Apple, prior to passage.