The Pentagon considers the pilot program in which it shares classified threat intelligence with the private sector a success and will extend it to November.
The Department of Defense is planning
to extend the cyber-defense pilot program in which it shares classified threat
intelligence with defense contractors and other companies.
The Defense Industrial Base Cyber-Pilot
provides member organizations with classified information about viruses,
malware and other cyber-threats to help them defend against sophisticated
attacks and network intrusions. The pilot will be extended through
mid-November, the Associated Press reported Sept. 26.
So far, the trial program involves at
least 20 defense firms. There are discussions as to how it can be expanded to
include more companies and subcontractors. The Department of Homeland Security
(DHS) is also evaluating the program to provide similar information to defend
power plants, electrical grids and other critical infrastructure from
cyber-attack.
"The results this far are very
promising," Deputy Defense Secretary William Lynn told AP. "I do think it
offers the potential opportunity to add a layer of protection to the most
critical sectors of our infrastructure."
The data collected and shared since the
program launched in May has helped stop "hundreds of attempted intrusions" by
identifying malware signatures, Lynn said earlier this month.
The Obama administration is interested
in this kind of public-private partnership to protect United States defense
companies from sophisticated cyber-attacks targeting sensitive information. A
senior DHS official told AP that implementing this kind of program would be
easier if Congress passed legislation explicitly giving DHS the lead role
in helping private-sector companies secure critical infrastructure.
DHS needs more authority over critical
infrastructure and must be able to "mandate" risk-based performance,
according to James Lewis, director of the technology and public policy program
at the Center for Strategic and International Studies. Currently, the Defense
Department does not have the legal authority to defend civilian systems, and
Homeland Security, which oversees private-sector cyber-security, does not have
the power to regulate those systems.
Rep. Dan Lungren, R-Calif., chairman of
the Subcommittee on Cybersecurity, Infrastructure Protection and Security
Technologies, has proposed creating a United States Computer Emergency Response
Team (US-CERT) within DHS that is responsible for protecting federal and
critical infrastructure systems, and a nonprofit organization called the
National Information Security Organization that would be managed by the DHS
secretary.
The nonprofit organization would have a
board of directors comprising a representative from DHS, three representatives
from different federal agencies that deal with cyber-security, and five
representatives from the private sector that operate networks or facilities
that have been deemed critical infrastructure, such as energy, water and
communications networks.
There have been a number of
high-profile attacks against defense companies this year, including the
compromise of Lockheed Martin by unknown attackers who used information stolen
from RSA Security, a March attack in which criminals stole files related to
missile tracking systems from a defense contractor, and a leak by Anonymous of
information belonging to military personnel.
Intrusions into defense networks are
now close to 30 percent of the Pentagon's Cyber Crime Center's workload, senior
defense officials told AP.
More than 60,000 new malicious software
programs or variations are identified every day, "threatening our
security, our economy and our citizens," Defense Secretary Leon Panetta
said earlier this year.