August 6, 2013

FBI's Next Generation Threat Sharing System Goes Live

<p>On Monday, July 29, 2013, the FBI announced the deployment of a new cyber threat information sharing utility known as ‘IGuardian.’ Rick McFeely, the FBI’s assistant director of criminal, cyber, response and services branch, discussed the IGuardian system in a speech he gave at the Armed Forces Communications and Electronics Association’s annual forum on Tuesday in Washington, DC.</p>
<p>According to Director McFeely, IGuardian is intended to create a uniform vehicle for security representatives from private sector organizations to report malicious cyber activity to the US government. IGuardian is currently a pilot program extended to roughly 60,000 private companies; however, the FBI hopes that if the pilot proves successful, the platform will become an institutionalized method of threat reporting in the US, and potentially worldwide. Director McFeely indicated that while the current capabilities of the IGuardian program are focused on text reports outlining the nature of malicious cyber activity, future augmentations to the system would allow private sector security representatives to upload actual malware samples for analysis by government cyber analysts.</p>
<p>The IGuardian system isn’t a wholly unique innovation. Organizations like Pittsburgh’s National Cyber Forensic Training Alliance and Carnegie Mellon’s US Computer Emergency Response Team (USCERT) have long been working to analyze data on malicious cyber activity provided by private sector security representatives. Nor is the system a completely unique one within the FBI. In fact, IGuardian is the most recent development in the FBI’s ‘Guardian Threat Tracking System’. The initial iteration of Guardian is a threat identification program focused primarily on terrorist activity and used solely on internal, classified FBI systems. This system was later expanded into EGuardian and exported to state and local law enforcement agencies to enable real-time identification and analysis of indicators of terrorist threat activity.</p>
<p>The IGuardian pilot is currently available to the 58,000 companies that are members of the FBI’s Infragard network. Infragard, which began in Cleveland, Ohio, in 1996, is a public-private partnership between industry leaders and the FBI that strives to combine the analytical prowess of the respective members to enhance the identification and mitigation of threats to information systems and US critical infrastructure. The FBI claims to have seen a high degree of success with the other variants of the Guardian Threat Tracking System and, after a deluge of complaints of malicious cyber activity targeting private companies, including US financial institutions, felt it was necessary to provide a variant of its law enforcement restricted reporting systems to the private sector.</p>
<p>Whether or not the launch of IGuardian will cause a decrease in the amount of malicious cyber activity directed at high-profile private sector organizations remains to be seen. Much of the outcome will depend on what level of disclosure of their internal systems these organizations feel comfortable providing the federal government. Some of these organizations, specifically financial institutions, have been consistently unwilling to reveal the number of successful cyber exploitations against their networks, as disclosure could create a lack of confidence in their specific brand and instability in the financial markets writ large. What we can certainly say about this effort, though, is that the FBI wouldn’t be providing this platform if it weren’t receiving an extremely high volume of complaints of cyber-enabled criminal activity against private interests within the US.</p>
