[ISN] Pentagon opens classified cyber program to all defense contractors, ISPs

From: InfoSec News <alerts_at_private>
Date: Mon, 14 May 2012 02:03:42 -0500 (CDT)

By Aliya Sternstein
May 11, 2012

The Obama administration is expanding to all military contractors a computer 
security program that shares classified threat information, Defense Department 
officials announced Friday. After a year of trials with select vendors, the 
Defense Industrial Base, or DIB, cybersecurity pilot program will invite all 
military vendors and their Internet service providers to voluntarily join the 
two-way information-sharing initiative.

Most networks that control power, weapons system data and other critical 
services that support the military are privately owned. Under existing law, the 
government does not have the authority to regulate their security. Proponents 
say the program is a way for both sides to learn from reports of intrusions 
without compromising corporate reputations.

The National Security Agency, the Pentagon’s code-cracking branch, will 
disclose the “signatures,” or unique hallmarks, of identified malicious 
programs so that vendors can incorporate those red flags into antivirus 
software. In return, companies must report known breaches of defense 
information to the government within 72 hours after discovering an incident.

Companies are allowed, but not obligated, to disclose such incidents to the 
larger contracting community. Defense, however, can circulate intrusion reports 
stripped of identifying information among participants, other agencies and 
certain nondefense contractors. “The government may share nonattribution 
information that was provided by a DIB participant (or derived from information 
provided by a DIB participant) with other DIB participants in the [program], 
and may share such information throughout the government (including with 
government support contractors that are bound by appropriate confidentiality 
obligations) for cybersecurity and information assurance purposes,” states an 
April 30 preliminary rule also released Friday.

