The Department of Homeland Security’s (DHS) free Automated Indicator Sharing (AIS) capability enables the exchange of cyber threat
indicators between the federal government and the private sector at machine speed. Threat indicators are pieces of information such as
malicious IP addresses or the sender address of a phishing email (although they can also be much more complicated).
AIS is a part of DHS’s effort to create an ecosystem that would allow a company or federal agency to share an indicator in real time
with all of our partners as soon as it has observed an attempted compromise, protecting the partners from that particular threat. That means adversaries can only use an attack once, which increases their costs
and ultimately reduces the prevalence of cyber attacks. Although AIS won’t eliminate sophisticated cyber threats, it will allow
companies and federal agencies to concentrate more on them by clearing away less sophisticated attacks.
Ultimately, the goal is to commoditize cyber threat indicators through AIS so that tactical indicators are shared broadly among the public
and private sector, enabling everyone to be better protected against cyber attacks.
JHU/APL is working with DHS and the participant community to encourage bidirectional sharing through the use of AIS while making the shared
indicators more operationally useful. This work includes tackling complex technical problems such as enhancing trust in the indicators
shared and addressing the issues of duplication and relevancy. Additionally, APL is relating the potential for automation to the sharing
of cybersecurity threat data through the collaboration between IACD and AIS.
For more information, visit the DHS AIS website.
Click here to read the AIS Fact Sheet.