Shows & Panels
- The 2014 Big Picture on Cyber Security
- AFCEA Answers
- Ask the CIO
- Building the Hybrid Cloud
- Connected Government: How to Build and Procure Network Services for the Future
- Continuing Diagnostics and Mitigation: Discussion of Progress and Next Steps
- Federal Executive Forum
- Federal Tech Talk
- The Intersection: Where Technology Meets Transformation
- Maximizing ROI Through Data Center Consolidation
- Moving to the Cloud. What's the best approach for me
- Navigating Tough Choices in Government Cloud Computing
- The New Generation of Database
- Satellite Communications: Acquiring SATCOM in Tight Times
- Targeting Advanced Threats: Proven Methods from Detection through Remediation
- Transformative Technology: Desktop Virtualization in Government
- The Truth About IT Opex and Software Defined Networking
- Value of Health IT
Shows & Panels
Pentagon nears expansion of cyber information sharing effort
Wednesday - 4/25/2012, 5:21am EDT
Teri Takai, the DoD chief information officer, said under rules that are awaiting approval from the Office of Management and Budget, the defense industrial base (DIB) pilot program would grow to include roughly 200 firms from the current 37. She said she hoped the White House would sign off on the rules within the next 60 days.
"We've been working on this for two years now," Takai told a cybersecurity forum organized by Rep. Jim Moran (D-Va.) in Arlington, Va. "Our plan this year is to expand this, and I think it'll give a lot more companies the opportunity to share not only with us, but with each other."
Teri Takai, chief information officer, Defense Department (DoD)
The sharing would involve both classified and unclassified data and would let information flow in both direction — private firms would share information about the attacks they're seeing with the National Security Agency, and NSA would provide its own information about current threats to companies who meet the program's requirements.
Takai said the effort also will form the basis for a similar cyber threat information sharing program the Department of Homeland Security has begun, that one designed to share information with Internet service providers (ISPs) so they could help defend their networks and customers against attacks.
Major cyber attack unlikely
The exfiltration of data from private firms is the most prevalent cyber threat the nation faces at the moment, said Rear Adm. Samuel Cox, the director of intelligence for U.S. Cyber Command. He said he thinks some cyber threats are being overhyped in the media, and that it's unlikely a potential adversary would be able to pull off a spectacular attack like shutting down the entire U.S. electric grid, at least in today's environment.
He said most incidents that are characterized as "attacks" are more aptly described as probes, intelligence gathering or espionage.
"What's really hurting the United States right now is industrial espionage on a massive scale," he said. "It's primarily targeted against high-tech capabilities that, when stolen, allow adversaries to leapfrog technological hurdles and catch up with us. I think when people hear in the news media every day that we suffer however big number of attacks and then they look around and see things operating as normal, they become immune to what the threat really is. The threat is increasing at a rapid and accelerating rate."
But Cox said the world is rapidly moving toward an era in which the potential of destructive attacks launched though cyber means is becoming more and more serious. He said Cyber Command is witnessing a "global cyber arms race" as nation states try to stay ahead of one another's offensive and defensive cyber capabilities.
As for U.S. Cyber Command's own offensive capabilities, Cox said they're the strongest in the world, but other nations are uncomfortably close — in some cases, as little as two years behind.
Other countries catching up with offensive capabilities
DoD officials routinely refuse to discuss details about the United States' offensive cyber capabilities in public, but Cox did offer some insight into when Cyber Command would use those weapons, saying they would be reserved for only the most extreme situations.
Rear Adm. Samuel Cox, director of intelligence, U.S. Cyber Command (Navy)
DoD currently is finalizing a set of rules of engagement that lay out what specific actions it can take against an adversary in cyberspace. The effort is complicated, Cox said, because conducting cyber war while minimizing collateral damage turns out to be extremely difficult. He said that's another factor that makes cyber weapons an asymmetric threat against the U.S.
"If an adversary wanted to wage unrestricted cyber warfare against undefended civilian targets, and you don't care too much about collateral damage or fratricide and you're willing to accept a haphazard result, that's comparatively easy to do and it's why our country is vulnerable to that kind of attack," he said. "But if you're trying to do precision strike in cyberspace with a high degree of confidence that you will do what you intend to do and not do what you don't intend to do, that takes enormous amounts of intelligence, planning and some very carefully crafted cyber tools that won't boomerang against you down the road. Offensive operations are actually really, really hard."
Commercial cyber products desired
To improve its cyber capabilities and make sure they keep up with the pace of technology, DoD wants to increase its adoption of commercial security products.
Neal Ziring, the technical director for the National Security Agency's information assurance directorate, said DoD still will have to assemble and integrate those products in a well-thought-out, scientifically proven way. But it has to overcome the "not invented here" syndrome.
"There's all sorts of culture within the DoD and even within the NSA that says 'let's build our own thing, it'll be perfect and wonderfully adapted to its job.' We've got to get away from that," he said. "We're going to change the snooty attitude. It's still going to be a snooty attitude, but instead of 'not invented here,' it's going to be 'it doesn't meet standards.' We are going to use commercial technologies, but they need to adhere to standards so that they can interoperate, so that they can be assessed, all those other things."
Ziring said those commercial capabilities along with existing DoD IT assets will be brought together into more consolidated environments to make them more defensible and so that DoD can leverage its IT security investments across more of its programs. He said the department will offer both incentives for managers to bring their IT programs into those consolidated environments and consequences if they don't.