DOD Expands Contractor Cyber-threat Protection Program

WASHINGTON, May 11, 2012 — The Defense Depart­ment is expand­ing one pilot pro­gram and enhanc­ing anoth­er, both of which involve shar­ing cyber-threat data with cleared defense con­trac­tors who work with DOD intel­lec­tu­al prop­er­ty, senior defense offi­cials said yes­ter­day.

 -
Here you can find more infor­ma­tion about Cyber War­fare

Richard A. Hale, deputy chief infor­ma­tion offi­cer for cyber secu­ri­ty, and Eric Rosen­bach, deputy assis­tant sec­re­tary of defense for cyber pol­i­cy, dis­cussed both efforts dur­ing an inter­view with the Pen­ta­gon Chan­nel and Amer­i­can Forces Press Ser­vice.

“The defense indus­tri­al base Cyber Security/Information Assur­ance Pro­gram is a pub­lic-pri­vate part­ner­ship that DOD began in order to bet­ter pro­tect DOD infor­ma­tion that lives out­side DOD,” Hale said.

“We start­ed the pro­gram in an attempt to share cyber-threat data with these com­pa­nies in a way that allowed the com­pa­nies to act on that infor­ma­tion imme­di­ate­ly,” he added.

In part­ner­ship with the Depart­ment of Home­land Secu­ri­ty, DOD announced these devel­op­ments in defense indus­tri­al base, or DIB, cyber-secu­ri­ty activ­i­ties.

In a press release about the pro­gram, Deputy Defense Sec­re­tary Ash­ton B. Carter said expand­ing the vol­un­tary shar­ing of infor­ma­tion between DOD and the defense indus­tri­al base is “an impor­tant step for­ward in our abil­i­ty to catch up with wide­spread cyber threats.”

After a four-year DIB cyber-secu­ri­ty pilot with 37 cleared com­pa­nies, Hale said, the pro­gram is now avail­able to all DIB com­pa­nies that have facil­i­ty secu­ri­ty clear­ances.

“What DOD shares with these com­pa­nies is unclas­si­fied and clas­si­fied cyber-threat infor­ma­tion,” Hale said. “The pro­gram is vol­un­tary and … if the com­pa­nies choose they can share cyber-inci­dent data back with DOD, includ­ing sam­ples of mali­cious code that the com­pa­nies find in their net­works.”

DOD uses that infor­ma­tion to alert par­tic­i­pat­ing com­pa­nies as well as the rest of the fed­er­al gov­ern­ment to sig­na­tures of the cap­tured mal­ware.

To par­tic­i­pate in the pro­gram, Hale said, com­pa­nies go to the Defense Indus­tri­al Base Cyber Security/Information Assur­ance Program’s pub­lic web­site to down­load and exe­cute with DOD a frame­work agree­ment that sets rules and respon­si­bil­i­ties for DOD and the DIB com­pa­nies.

“Once there’s a for­mal agree­ment in place, DOD extends DIBNET and a clas­si­fied ver­sion of DIBNET to the com­pa­ny and begins shar­ing infor­ma­tion,” Hale said. “And the com­pa­nies, if they choose to, start shar­ing inci­dent data back with DOD.”

The oth­er DOD infor­ma­tion-shar­ing effort is an exten­sion of this base­line pro­gram, Rosen­bach said, called DIB Enhanced Cyber Secu­ri­ty Ser­vices. The pilot has been oper­a­tional for a year, with a few-dozen par­tic­i­pat­ing DIB com­pa­nies.

“We think … it’s the first mod­el like this in the world where the gov­ern­ment works with the pri­vate sec­tor in a very proac­tive way to do some­thing to pro­tect pri­vate-sec­tor firms — in this case the defense indus­tri­al base, from advanced cyber-secu­ri­ty threats,” he said.

The spe­cial­ized infor­ma­tion DOD is pass­ing to the DIB com­pa­nies through this extend­ed pro­gram “is not some­thing that’s avail­able in the pri­vate sec­tor,” the deputy assis­tant sec­re­tary said, “so there’s addi­tion­al val­ue that low­ers the risk of cyber attack to these defense indus­tri­al base firms.”

The extend­ed pro­gram works, he added, “by tak­ing all these spe­cial­ized codes derived from cyber threats [and] giv­ing them to [the Depart­ment of Home­land Secu­ri­ty], which then sends them to an Inter­net ser­vice provider. Then the Inter­net ser­vice provider takes this spe­cial code, known as a sig­na­ture, and scans the company’s Inter­net traf­fic to see whether it hits.”

The par­tic­i­pat­ing com­pa­nies pay the Inter­net ser­vice provider a fee for this ser­vice.

Two spe­cif­ic coun­ter­mea­sures are “a type of fil­ter for all the par­tic­i­pants,” Rosen­bach said, not­ing par­tic­i­pants’ “Inter­net traf­fic goes through that fil­ter and then it’s to some degree fil­tered or cleansed before it gets to the firm itself.”

The extend­ed pro­gram, he said, “is a lit­tle bit dif­fer­ent from what we had been doing up to this point because it’s active — it’s actu­al­ly using the pow­er of the net­work and the Inter­net ser­vice provider to scan the traf­fic.”

In the past, he added, they passed on the threat infor­ma­tion but no scan­ning was being done.

“It’s not the ’sil­ver bul­let’ for all cyber secu­ri­ty,” Rosen­bach said. “It’s just one addi­tion­al tool that you’d use if you might be hit by a threat.”

Accord­ing to Hale, par­tic­i­pat­ing com­pa­nies are hap­py with the pro­gram.

“The feed­back I get from the com­pa­nies who are par­tic­i­pat­ing right now is that the shar­ing of infor­ma­tion and then the inter­ac­tion with the gov­ern­ment [and] … with oth­er defense indus­tri­al base cyber-secu­ri­ty pro­gram par­tic­i­pants has raised all boats,” he said.

“Not only do they get imme­di­ate­ly action­able infor­ma­tion when the gov­ern­ment shares this infor­ma­tion with the com­pa­nies,” Hale added, but the com­pa­nies have devel­oped best prac­tices they’ve shared with each oth­er and with the fed­er­al gov­ern­ment.

“That has tend­ed to raise both the government’s and the industry’s cyber-secu­ri­ty prac­tices,” Hale said.

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs)

Team GlobDef

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefenc.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →