After recently completing a year-long pilot program, the Department of Defense (DoD) has announced that it will expand a bilateral cybersecurity information-sharing program between government officials and eligible private-sector companies. Early estimates suggest that as many as 1,000 new firms will participate in the initiative, marking a significant step forward in cross-sector collaboration.
As reports of foreign hackers tampering with the research and development efforts of American corporations began to surface last year, government officials started to view Internet security as more of a shared responsibility – considering the stark economic and national security consequences of private-sector breaches. As a result, a handful of defense industry leaders and Internet service providers were encouraged to participate in the pilot program intended to promote greater situational awareness among administrators of the nation's most critical networks.
"The expansion of voluntary information sharing between the department and the defense industrial base (DIB) represents an important step forward in our ability to catch up with widespread cyberthreats," Deputy Secretary of Defense Ashton Carter explained. "Increased dependence on Internet solutions have exposed sensitive but unclassified information stored on corporate systems to malicious probes, theft and attacks. This expanded partnership between DoD and the defense industrial base will help reduce the risk of intrusions on our systems."
Through their partnership with the departments of Defense and Homeland Security, companies are supplied with "unclassified indicators and related, classified contextual information" to educate their defense strategy architects and threat response teams. Government officials can also be called upon in certain circumstances to assist with mitigation and resolution efforts.
In exchange, companies provide federal administrators with comprehensive reports of known intrusions and can supply additional intelligence or potential leads at their own discretion. Private-sector network managers may also be called upon during damage assessments to lend their unique knowledge of the systems and architecture in question.
"I am pleased by the deep collaboration between DoD, DHS and DIB partners," Carter added. "The success of this program encourages us to explore additional ways to enhance the protection of defense industry networks and DoD information."
According to Bloomberg, government officials are already suggesting that the program may be expanded to more than a dozen other arenas outside of simply defense contractors. But these plans are not expected to move forward without creating a bit of friction. Data security and privacy efforts are already wary of the potential abuse of powers that could lead to participating companies feeling compelled to produce private citizen information upon government request. Additionally, President Obama has already suggested that he would veto a cybersecurity bill that gives firms legal immunity for the information provided to their federal partners.
Security News from SimplySecurity.com by Trend Micro