Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Pentagon opens classified cyber program to all defense contractors, ISPs

From: InfoSec News <alerts () infosecnews org>
Date: Mon, 14 May 2012 02:03:42 -0500 (CDT)
http://www.nextgov.com/defense/2012/05/pentagon-opens-classified-cyber-program-all-defense-contractors-isps/55707/

By Aliya Sternstein
Nextgov
May 11, 2012
The Obama administration is expanding to all military contractors a computer security program that shares classified threat information, Defense Department officials announced Friday. After a year of trials with select vendors, the Defense Industrial Base, or DIB, cybersecurity pilot program will invite all military vendors and their Internet service providers to voluntarily join the two-way information-sharing initiative.
Most networks that control power, weapons system data and other critical services that support the military are privately owned. Under existing law, the government does not have the authority to regulate their security. Proponents say the program is a way for both sides to learn from reports of intrusions without compromising corporate reputations.
The National Security Agency, the Pentagon’s code-cracking branch, will disclose the “signatures,” or unique hallmarks, of identified malicious programs so that vendors can incorporate those red flags into antivirus software. In return, companies must report known breaches of defense information to the government within 72 hours after discovering an incident.
Companies are allowed, but not obligated, to disclose such incidents to the larger contracting community. Defense, however, can circulate intrusion reports stripped of identifying information among participants, other agencies and certain nondefense contractors. “The government may share nonattribution information that was provided by a DIB participant (or derived from information provided by a DIB participant) with other DIB participants in the [program], and may share such information throughout the government (including with government support contractors that are bound by appropriate confidentiality obligations) for cybersecurity and information assurance purposes,” states an April 30 preliminary rule also released Friday. 

[...]


_______________________________________________
LayerOne Security Conference
May 26-27, Clarion Hotel, Anaheim, CA
http://www.layerone.org
Previous By Date Next
Previous By Thread Next

Current thread: