Enhance Shared Situational Awareness Initiative
The vision of the Enhance Shared Situational Awareness (ESSA) Initiative is to create real-time cybersecurity situational awareness, to enable integrated operational actions, and to improve the security of the U.S. Government and U.S. critical infrastructure. ESSA lays the foundation to share the right information, in time to make a difference, and in formats that reduce human workload and speed time to action.
Achieving Cyber Shared Situational Awareness
Through the ESSA Initiative, the Federal cybersecurity centers listed below developed an information-sharing framework and shared situational awareness (SSA) requirements, collectively known as Information Sharing Architecture (ISA):
- Defense Cyber Crime Center (DC3)
- Intelligence Community Security Coordination Center (IC-SCC)
- National Cybersecurity and Communications Integration Center (NCCIC)
- National Cyber Investigative Joint Task Force (NCIJTF)
- National Security Agency / Central Security Service (NSA / CSS) Threat Operations Center (NTOC)
- United States Cyber Command (USCYBERCOM) Joint Operations Center (JOC)
Cyber SSA is achieved by implementing the ISA to enable real-time (machine-speed) sharing of cyber-threat information. Furthermore, ISA implementation will enable shared cyber situational awareness among cyber mission partners (U.S. Federal Cyber Centers, other U.S. government, U.S. critical infrastructure owners, and key allies). This shared cyber situational awareness supports both individual and integrated response actions to prevent and protect against cyber adversary activity and, when that fails, to respond to and recover quickly from cyber-attacks.
The following four documents have been designated as core documents because they are fundamental to ESSA’s strategic goals and technical practices.
- Consensus across the Intelligence Community, Department of Defense, Department of Homeland Security and Department of Justice national cyber centers as to:
  - The types of information to be shared, and
  - The standards to be used for the platforms to exchange and share that information (e.g. STIX, TAXII, and Access Control Specification v2 (ACS))
- Several specific applications of information sharing to create SSA
  - Federated Malware Information Query, Foreign Activity in Domestic Space, Near Real Time Messaging Service (TS and U)
- Leveraging multiple existing agency efforts to deliver a common set of capabilities sufficient to meet the needs of all cybersecurity partners
- Multilateral Information Sharing Agreement is a significant win for the information sharing community – it overcomes the challenges with bilateral sharing, making it easily scalable to future information sharing participants