1
CLOUD SAFE TASK FORCE (CSTF)
NATIONAL CYBER FEED (NCF)
IMPLEMENTATION RECOMMENDATIONS
Background
With the rapid expansion of cloud service adoption,
commercial U.S. Cloud Service Providers (CSPs) are
in a unique position to assess and monitor national
cybersecurity risks. The shared responsibility model
in cloud computing has positioned U.S. CSPs as key
contributors to national cyber defense, often placing them
on the front lines of cyber conflict. However, recent high-
profile security breaches impacting both U.S. industries
and government entities have shaken confidence in cloud
services. Addressing these concerns is essential not only
to prevent a potential return to traditional datacenter
models—where operational and security complexities are
heightened—but also to preserve the numerous benefits
cloud services provide. These benefits include scalability,
cost eciency, flexibility, and access to advanced security
tools. A shift away from cloud services would not only
risk losing the innovation, collaboration, and resilience
that cloud environments foster but also reintroduce
complexities, slower threat detection, and ineciencies in
large-scale cybersecurity management.
To tackle these challenges, the Cloud Safe Task Force
(CSTF) was established in September 2023 to develop
comprehensive solutions for U.S. cloud security. The Task
Force is a collaborative initiative led by MITRE, the Cloud
Security Alliance (CSA), the Advanced Technology Academic
Research Center (ATARC), and the IT Acquisition Advisory
Council (IT-AAC). On July 1, 2024, the CSTF convened a
summit to refine its proposal to establish a National Cyber
Feed (NCF) to provide a real-time snapshot of cloud security.
The discussions focused on the government’s need to
monitor data and the challenges CSPs face in delivering
eective cyber risk and threat intelligence.
U.S. CSPs and third-party risk assessment companies
possess world-class capabilities for monitoring risk
and tracking adversary activities. However, the CSTF
concluded that current data feeds provided by CSPs
require improvement to enable real-time threat detection,
response, and defense at a national level. In response to
feedback from CSP members, the CSTF recommends
moving forward with implementation of an NCF. This feed
would aggregate monitoring data from U.S. CSPs, providing
a real-time view of the national security posture, tracking
adversary behavior, and predicting future threats to critical
U.S. infrastructure.
National Cyber Feed Concept
In a recent CSTF meeting, CSP members proposed
an innovative approach: utilizing the advanced cyber
defense dashboards currently deployed by their security
operations teams to strengthen national cyber defense
eorts. The core idea is to aggregate and anonymize data
from these sophisticated dashboards, enabling real-
time risk monitoring across national IT infrastructure.
This data, when made accessible across various sectors
and government agencies, could be used to enhance
collective threat intelligence, drive informed policy
OCTOBER 2024
