Sharing Intelligence Helps Contractors Strengthen Cyber Defenses

BALTIMORE, Aug. 16, 2011 — A new pilot pro­gram in which the Defense Depart­ment shares clas­si­fied threat intel­li­gence with defense con­trac­tors or their com­mer­cial Inter­net ser­vice providers is show­ing promise in increas­ing their cyber defens­es and pre­vent­ing ene­my intru­sions into sen­si­tive gov­ern­ment net­works, Deputy Defense Sec­re­tary William J. Lynn III said today.

Deputy Defense Secretary William J. Lynn III
Deputy Defense Sec­re­tary William J. Lynn III address­es about 2,700 par­tic­i­pants at the Defense Infor­ma­tion Sys­tems Agency’s Cus­tomer and Indus­try Forum at the Bal­ti­more Con­ven­tion Cen­ter, Bal­ti­more, Aug. 16, 2011. Lynn’s dis­cussed the threats of cyber war­fare in the dig­i­tal age.
DOD pho­to by R.D. Ward
Click to enlarge

Lynn shared ini­tial find­ings of the Defense Indus­tri­al Base Cyber Pilot with atten­dees here at the Defense Infor­ma­tion Sys­tems Agency’s Cus­tomer and Indus­try Forum. 

About mid­way through the 90-day pilot, launched in part­ner­ship with the Home­land Secu­ri­ty Depart­ment, Lynn said the pilot is bear­ing fruit among about 20 par­tic­i­pat­ing com­pa­nies that oper­ate DOD networks. 

“Already, the pilot has shown us hun­dreds of sig­na­tures we would­n’t pre­vi­ous­ly have seen” and stopped hun­dreds of attempt­ed intru­sions, Lynn report­ed. He not­ed that load­ing these sig­na­tures onto exist­ing sys­tems dra­mat­i­cal­ly increas­es cybersecurity. 

“So in the com­ing months, we are look­ing at the pos­si­bil­i­ty of deep­en­ing the defense indus­try involve­ment in this pilot [and] bring­ing more and more com­pa­nies” into the pro­gram, he said. 

Lynn called intel­li­gence the “spe­cial sauce” that enables par­tic­i­pat­ing com­pa­nies to improve their cyber defens­es. DOD shares threat intel­li­gence pro­vid­ed by U.S. Cyber Com­mand and the Nation­al Secu­ri­ty Agency, along with exper­tise so they can employ it for net­work defense. 

The com­pa­nies, in turn, use the intel­li­gence and exper­tise to pro­tect net­works they oper­ate for DOD

“We rely on pri­vate-sec­tor net­works and ser­vices to oper­ate near­ly every facet of the depart­ment,” Lynn told today’s gath­er­ing. “And the fact is that the pri­vate firms we depend on are sus­cep­ti­ble to the same cyber threats we seek to pro­tect dot-mil net­works from.” 

Over the past decade, “we have lost ter­abytes of data” through intru­sions and attacks on defense com­pa­nies’ cor­po­rate net­works, Lynn said. Some of the stolen data was rel­a­tive­ly mun­dane, involv­ing spec­i­fi­ca­tions for small parts of tanks, air­planes and submarines. 

“But a great deal of it con­cerns our most sen­si­tive sys­tems,” Lynn said, includ­ing air­craft avion­ics, sur­veil­lance tech­nolo­gies, satel­lite com­mu­ni­ca­tions sys­tems and net­work secu­ri­ty protocols. 

“We real­ize that we must help our part­ners pro­tect their net­works,” he said. 

Mean­while, DOD is look­ing toward oth­er gov­ern­ment agen­cies to see if this same con­cept can be applied to pro­tect oth­er sec­tors, includ­ing pow­er, trans­porta­tion and ener­gy sec­tors. DIB Cyber Pilot “is intend­ed to demon­strate that we can uti­lize this pub­lic-pri­vate part­ner­ship to pro­tect crit­i­cal infra­struc­ture net­works, start­ing with the defense sec­tor,” Lynn said. 

Lynn called on DISA and DOD’s indus­try part­ners to help make the new con­cept work. 

“This is not a type of prob­lem like air defense where the mil­i­tary can take the mis­sion large­ly on its own. Nor is it an area in which the pri­vate sec­tor can do every­thing they need to do on their own,” he said. “It has to be a part­ner­ship between the types of capa­bil­i­ties and intel­li­gence the gov­ern­ment can bring, and the types of capa­bil­i­ties and tech­nol­o­gy the pri­vate sec­tor can bring. And those two need to be com­bined to pro­tect our vital infrastructure.” 

This coop­er­a­tion is crit­i­cal to the suc­cess of the new DOD strat­e­gy for oper­at­ing in cyber­space, which rec­og­nizes the impor­tance of cyber defens­es to pre­vent ene­mies from exploit­ing, dis­rupt­ing or destroy­ing crit­i­cal networks. 

“In the face of this threat, we have a win­dow of oppor­tu­ni­ty to devel­op much more sub­stan­tial defens­es, not only on our mil­i­tary and gov­ern­ment net­works, but also the net­works that sup­port our crit­i­cal infra­struc­ture,” Lynn said. 

“We must have the capa­bil­i­ty to defend against the full range of cyber threats,” he said. “That is indeed the goal of the department’s cyber strat­e­gy, and it is why we are pur­su­ing the strat­e­gy with such urgency.” 

Source:
U.S. Depart­ment of Defense
Office of the Assis­tant Sec­re­tary of Defense (Pub­lic Affairs) 

Face­book and/or on Twit­ter

Team GlobDef

Seit 2001 ist GlobalDefence.net im Internet unterwegs, um mit eigenen Analysen, interessanten Kooperationen und umfassenden Informationen für einen spannenden Überblick der Weltlage zu sorgen. GlobalDefence.net war dabei die erste deutschsprachige Internetseite, die mit dem Schwerpunkt Sicherheitspolitik außerhalb von Hochschulen oder Instituten aufgetreten ist.

Alle Beiträge ansehen von Team GlobDef →