Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Connected Government
- Consolidating Mission-critical Systems
- Constituent Servicing
- Continuous Monitoring: Tools and Techniques for Trustworthy Government IT
- The Data Privacy Imperative: Safeguarding Sensitive Data
- Eliminating the Pitfalls: Steps to Virtualization in Government
- Federal Executive Forum
- Federal Tech Talk
- Government Cloud Brokerage: Who, What, When, Where, Why?
- Government Mobility
- Mission-critical Apps in the Cloud
- Mobile Device Management
- The Modern Federal Threat Landscape
- The Path from Legacy Systems
- Understanding the Intersection of Customer Service and Security in the Cloud
Shows & Panels
DoD ready to meet pent up demand for cyber threat sharing program
Tuesday - 5/15/2012, 5:22am EDT
The DoD effort to share what it knows about specific cyber threats first started four years ago when the Pentagon began transmitting classified and unclassified threat signatures to defense companies. Then, last June, the department rolled out a pilot program to expand the umbrella to protect companies via their Internet Service Providers (ISPs). DoD capped the voluntary program at 36 companies that the Pentagon believed were ripe targets for foreign cyber intrusions.
Eric Rosenbach, assistant secretary of Defense for cyber policy (DoD)
Last week, the Office of Management and Budget gave approval to the Pentagon to make the voluntary pilot program permanent, letting it expand to any defense company that has a secure facility and personnel to handle classified threat data. DoD estimates that approximately 8,000 firms are eligible, and officials say they would be happy if 1,000 of those signed up.
Companies have two ways to participate:
- They can sign an agreement with DoD to accept and protect the threat information themselves.
- They can sign up for an "enhanced" program, which 17 of the 36 defense companies have agreed to join. In the enhanced program, DoD has agreed to share cyber threats directly with ISPs that provide network connectivity to defense companies. The ISPs then scan and intercept threats before they reach the defense firm.
Under that part of the enhanced program, the Department of Homeland Security hosts the centralized database of current threats and makes it available to ISPs that have signed up to participate. ISPs have to meet the same standards for secure facilities and cleared personnel that apply to anyone else who handles classified information, Rosenbach told reporters on a Monday conference call.
"We think that makes it less likely that the information would leak or that intelligence agencies of another agency could get to it, because it's held in fewer places," he said. "The advantage of this model is that we can provide the information for an enhanced service to the ISPs, but we don't necessarily have to pass the information itself on a widespread basis. We're just using the power of the network and the Internet itself to provide a little bit of additional protection."
Trust must be established
Rosenbach said the ISPs would offer that detection as a fee-based service. Three providers are participating so far, though DoD officials declined to identify them. He said the pilot phase of the program demonstrated that the concept of sharing threat information with industry works well in concept and had indeed succeeded in stopping cyber attacks.
DoD believes a lot of pent-up demand by defense companies to join the program exists. More than 250 companies who were not part of the pilot had asked to join but were prevented from doing so by the 36-company cap, said Richard Hale DoD's deputy chief information officer for cybersecurity.
Richard Hale, deputy chief information officer for cybersecurity, Defense Department (DoD)
Rosenbach said that while the technical efforts in setting up the information sharing effort were difficult, the much more challenging problems surrounded establishing trust, both between industry and government, and among federal agencies themselves.
"Those trust relationships really improved over the course of the [pilot] program, and the first, just to be candid, was the trust relationship between DHS and DoD. We're at a point now where we really are back-to-back and we work very closely together," he said. "I think the roles we've designed in the program are really quite good. DHS has the lead with the Internet Service Providers, but DoD maintains the lead in working with the DIB companies. I think that's working very well. The other is the relationship between the firms and the government. One thing about DHS is that their capacity as an organization and their leadership has really improved dramatically. They get a bad rap for not being able to do a lot of the things in the cybersecurity space. I think that reputation is unfair. They are really equal partners in this cybersecurity arena."
DoD said the project with defense companies could eventually scale up to protect systems that go beyond just the world of defense secrets, Rosenbach said.
"This is something we're pretty proud of. I think it offers the potential to protect critical infrastructure as well if that's something that the White House decides. This could play an important role in the strategic defense of the country," he said.