The Pentagon is expanding a cyber-security program meant to promote information sharing between the private and public sectors.
In partnership with the Department of Homeland Security (DHS), the Department of Defense (DoD) announced on May 11 that it is expanding its Defense Industrial Base Cyber Security/Information Assurance Program (DIB CS/IA) to all eligible companies.
The goal of the program is to improve network defenses and reduce potential damage to critical programs when defense information is compromised. As part of the program, the DoD shares information with companies handling DoD data that they can review or act on to improve security.
I am pleased by the deep collaboration between DoD, DHS and DIB partners, said Ashton Carter, deputy secretary of defense, in a statement.
The success of this program encourages us to explore additional ways to enhance the protection of defense industry networks and DoD information, Carter said. Shared information between DoD, DHS and the defense industrial base can help us defend against the ever-growing threat of cyber-attacks.
The issue of information-sharing between government and critical infrastructure is a common topic in security conversations. In March, National Security Agency Director Gen. Keith Alexander told the U.S. Senate Armed Services Committee about the importance of government and private sector officials sharing information.
What were talking about¦is we have to have the ability to work with industry, our partners, so that when they are attacked or they see an attack they can share that with us immediately, he said.
When you think about it, its almost like the neighborhood watch program, he explained. Somebodys breaking into a bank; somebody needs to call the authorities to stop it.
Recently, the security of critical infrastructure companies was put into the spotlight again when reports surfaced about a series of cyber-attacks targeting the natural gas industry.
The increasing connectedness of infrastructure not only makes U.S. utility companies more vulnerable to cyber-security attacks but increases the cascading effect an attack can have on other infrastructure sectors and capabilities, said Chris Petersen, CTO of LogRhythm.
A fundamental challenge utilities face is that supervisory control and data acquisition (SCADA) systems were not designed to be secure. Much of the existing infrastructure was developed and implemented prior to the rise of the Internet. Security was most often thought of in the physical sense, Petersen said.
According to the DoD's Carter, the expansion of voluntary information-sharing between the department and the defense industrial base represents an important step forward in the ability to catch up with widespread cyber-threats.
Increased dependence on Internet solutions has exposed sensitive but unclassified information stored on corporate systems to malicious probes, theft and attacks. This expanded partnership between DoD and the defense industrial base will help reduce the risk of intrusions on our systems, Carter said.