A proposed defense policy bill set to be introduced next week includes a legislative provision directing the Department of Homeland Security to standup a new cyber threat information hub for federal and private sector stakeholders to analyze data to identify and prevent cybersecurity threats.
The Cyber Threat Information Collaboration Environment would provide a platform for “limited access” to classified and unclassified intelligence about cybersecurity risks and threats, allow for analysis of the data to quickly identify threats and risks, and enable collaboration between the government and critical infrastructures, according to House Armed Services Committee (HASC) Chairman Adam Smith’s (D-Wash.) mark of the proposed fiscal year 2022 policy bill. The committee is scheduled to mark up the bill on Sept. 1.
A similar provision was included in the HASC’s then proposed FY ’21 National Defense Authorization Act but didn’t make it into law. An executive summary of the Senate Armed Services Committee’s proposed version of the FY ’22 defense bill doesn’t mention the threat information hub.
The Cyber Threat Information Collaboration Environment would be established by DHS in coordination with the Department of Defense and the Director of National Intelligence. The mark says the threat analysis platform would be stood up within a year of the defense bill becoming law.
The provision establishing the Cyber Threat Information Collaboration Environment would also create a Cyber Threat Data Standards and Interoperability Council chaired by DHS “to establish data standards and requirements for public and private sector entities to participate in the information collaboration environment.”
The council would also identify various programs—including network monitoring and intrusion, cyber threat indicator sharing, network sensors, incident response and technical assistance, and malware forensics—that would be included in the collaboration environment.