The US Defense Department invited all
of its eligible contractors on Friday to join a previously restricted
information-sharing pact aimed at guarding sensitive Pentagon program
data stored on private computer networks.
The Pentagon predicts that as
many as 1,000 defense contractors may join a voluntary effort to share
classified information on cyber threats under an expansion of a
first-ever initiative to protect computer networks.
The effort, known as the Defense Industrial Base ("DIB")
program, is a voluntary information-sharing program in which the
Department of Defense shares "unclassified indicators and related,
classified contextual information" about cyber-attacks and threats with
defense contractors.
In exchange, defense contractors
report known intrusions and can receive forensics analysis and damage
assessments from the government after those attacks. In an optional part
of the program, the DIB Enhanced Cybersecurity Services, the government
shares additional classified threat and technical data with defense
contractors and Internet service providers.
If the Pentagon’s effort proves
successful in safeguarding defense contractors from cyber attacks, the
administration may enlarge the program to companies in 15 other critical
infrastructure categories through the Department of Homeland Security.
More than 2,000 companies
qualify and the membership rolls will be expanded on a first-come,
first-served basis, the official said. At the program's entry level, the
Pentagon will give participants unclassified "indicators" and classified
"contextual information," as well as suggested measures for addressing
cyber threats.
Volunteer companies must sign a
standardized bilateral framework pact that calls for sharing "to the
greatest extent possible" for the clearest understanding of cyber
threats, according to an interim final rule published Friday in the
Federal Register.
Recently, the security of
critical infrastructure companies was put into the spotlight again when
reports surfaced about a series of cyber attacks targeting the natural
gas industry.
“The increasing connectedness of
infrastructure not only makes U.S. utility companies more vulnerable to
cyber-security attacks but increases the cascading effect an attack can
have on other infrastructure sectors and capabilities,” said Chris
Petersen, CTO of LogRhythm.
“A fundamental challenge
utilities face is that supervisory control and data acquisition (SCADA)
systems were not designed to be secure. Much of the existing
infrastructure was developed and implemented prior to the rise of the
Internet. Security was most often thought of in the physical sense.”