DHS Cyber Incident Data and Analysis Working Group

Cybersecurity continues to emerge as a crucial endeavor for both the public and private sectors alike. In an attempt to address cyber threats, the Department of Homeland Security (DHS) organized four separate Cybersecurity Insurance Working Sessions between 2012-2014, where cybersecurity professionals “examined the existing cybersecurity insurance marketplace, described obstacles to expanding and improving it.” One of the byproducts of these sessions was the establishment of the Cyber Incident Data and Analysis Working Group (CIDAWG) within DHS’s National Protection and Programs Directorate (NPPD). Members of the CIDAWG consist of key stakeholders within the cybersecurity community including “chief security officers from critical infrastructure sectors, insurers, and other cybersecurity professionals.” The function of the group is to research and develop findings on the following four points of emphasis:

  1. “The value of a cyber incident data repository
  2. The cyber incident data points that should be shared into a repository to support to support needed analysis
  3. Methods to incentivize such sharing on a voluntary basis
  4. A potential repository’s structure and functions”

To date, the group has produced three working papers documenting their conclusions on the topic of Enhancing Resilience Through Cyber Incident Data Sharing and Analysis. These reports and their main ideas are listed below.

The Value Proposition for a Cyber Incident Data Repository (June 2015) – “This document outlines the benefits of a trusted cyber incident repository that enterprise risk owners and insurers could use to anonymoulsly share sensitive cyber incident data.”

Establishing Community-Relevant Data Categories in Support of a Cyber Incident Data Repository (September 2015) – “This document enumerates and evaluates consensus data categories that enterprise risk owners and insurers could use to assess risks, identify effective controls, and improve cybersecurity culture and practice.”

Overcoming Perceived Obstacles to Sharing into a Cyber Incident Data Repository (December 2015) – “This document identifies perceived obstacles to voluntary cyber incident data sharing and offers potential approaches to overcoming those obstacles.”

For more information on the CIDAWG, DHS Cybersecurity Insurance Working Sessions, and supplementary resources pertaining to cyber risk management, click here to visit the DHS website on Cybersecurity Insurance. Additionally, the Homeland Security Digital Library offers a broad selection of documents related on Cyber Policy, Cyber Infrastructure Protection, and Cyber Crime & National Security (some resources may require HSDL login).


Article formerly posted at https://www.hsdl.org/blog/newpost/view/dhs-cyber-incident-data-and-analysis-working-group