The Cloud Safe Task Force (CSTF) – comprised of four nonprofits: MITRE, the Cloud Security Alliance (CSA), the Advanced Technology Academic Research Center (ATARC), and the IT Acquisition Advisory Council (IT-AAC) – published a new set of recommendations today to establish a National Cyber Feed (NCF).
The NCF is a proposed public-private partnership that would leverage volunteer data from cloud service providers (CSPs) to create a real-time security feed for Federal agencies and key partners.
According to the document outlining the new recommendations, CSPs and third-party risk assessment companies have the ability to spot and forecast cyber threats. However, it explains that the current data feeds provided by CSPs “require improvement to enable real-time threat detection, response, and defense at a national level.”
“In response to feedback from CSP members, the CSTF recommends moving forward with implementation of an NCF,” the document says. “This feed would aggregate monitoring data from U.S. CSPs, providing a real-time view of the national security posture, tracking adversary behavior, and predicting future threats to critical U.S. infrastructure.”
The task force held a summit on July 1 to refine its proposal to establish an NCF, noting that the discussions focused on the government’s need to monitor data and the cyber risk challenges CSPs face.
According to the CSTF’s proposal, the National Cyber Feed would be supported by an independent, non-governmental “Third-Party Fusion Organization” (I3FO), which would be responsible for integrating, analyzing, and disseminating the data.
“The I3FO’s role would include safeguarding sensitive and proprietary data contributed by CSPs, ensuring that such information remains protected from public access,” the document says. “It would also interpret the cybersecurity content of the aggregated data and facilitate real-time sharing of desensitized and actionable cyber threat intelligence (CTI).”
“This intelligence would be distributed to key Federal Cyber Authorities including the Office of the National Cyber Director (ONCD), Cybersecurity and Infrastructure Security Agency (CISA), U.S. Cyber Command (USCYBERCOMMAND), Critical Infrastructure Sector Risk Management Agencies (SRMAs), Federal agencies, law enforcement, and international partners,” it adds.
The Cloud Safe Task Force is recommending a phased approach to implement the National Cyber Feed.
The first step it recommends is for the executive branch – specifically ONCD or the Office of Management and Budget’s (OMB) Office of the Federal CIO – to initiate a pilot program in fiscal year (FY) 2025 to test and refine the NCF.
The CSTF recommends that the executive branch launch the pilot when OMB’s Cloud Smart policy is updated to “Cloud Safe” – a previous recommendation the task force made in February 2024. Additionally, it wants Congress to mandate the pilot program through the FISMA reauthorization or introduce it as a standalone bill that updates FedRAMP legislation.
Step two, according to the task force, is to create the “NCF Coach Role” and appoint action officers from key cyber authorities to facilitate collaboration, guide NCF activities, and ensure alignment with national cybersecurity priorities.
Finally, the CSTF wants to expand the NCF to full operational status by FY2026 – based on input from the I3FO, CSPs, and other stakeholders.
“This expansion will ensure that the NCF can provide timely and actionable cyber threat intelligence to support coordinated national and global cyber defense efforts,” the recommendation says.