http://www.nextgov.com/defense/2012/05/pentagon-opens-classified-cyber-program-all-defense-contractors-isps/55707/ By Aliya Sternstein Nextgov May 11, 2012 The Obama administration is expanding to all military contractors a computer security program that shares classified threat information, Defense Department officials announced Friday. After a year of trials with select vendors, the Defense Industrial Base, or DIB, cybersecurity pilot program will invite all military vendors and their Internet service providers to voluntarily join the two-way information-sharing initiative. Most networks that control power, weapons system data and other critical services that support the military are privately owned. Under existing law, the government does not have the authority to regulate their security. Proponents say the program is a way for both sides to learn from reports of intrusions without compromising corporate reputations. The National Security Agency, the Pentagon’s code-cracking branch, will disclose the “signatures,” or unique hallmarks, of identified malicious programs so that vendors can incorporate those red flags into antivirus software. In return, companies must report known breaches of defense information to the government within 72 hours after discovering an incident. Companies are allowed, but not obligated, to disclose such incidents to the larger contracting community. Defense, however, can circulate intrusion reports stripped of identifying information among participants, other agencies and certain nondefense contractors. “The government may share nonattribution information that was provided by a DIB participant (or derived from information provided by a DIB participant) with other DIB participants in the [program], and may share such information throughout the government (including with government support contractors that are bound by appropriate confidentiality obligations) for cybersecurity and information assurance purposes,” states an April 30 preliminary rule also released Friday. [...] _______________________________________________ LayerOne Security Conference May 26-27, Clarion Hotel, Anaheim, CA http://www.layerone.orgReceived on Mon May 14 2012 - 00:03:42 PDT
This archive was generated by hypermail 2.2.0 : Mon May 14 2012 - 00:07:07 PDT