DHS, Defense expanding cyber sharing program
The Defense Department and the Department of Homeland Security announced Friday that the Defense Industrial Base (DIB) Cyber Pilot program will be opened to all eligible DIB companies.
The program, an information exchange arrangement that allows intelligence agencies to share threat information with companies, and companies to share information on attacks with some liability protections, was started in June 2011 and initially included only about 20 volunteering companies.
Defense officials have been saying for months that they intended to increase the number of companies to more than 200, but the announcement means that the program will be open to any company in the industrial base that can meet certain minimum requirements and that chooses to join. Specifically, the company must handle DoD information or have access to a DoD network and demonstrate a basic level of information security.
"Increased dependence on Internet solutions have exposed sensitive but unclassified information stored on corporate systems to malicious probes, theft, and attacks," Ashton Carter, deputy secretary of defense, said in a news release. "This expanded partnership between DoD and the defense industrial base will help reduce the risk of intrusions on our systems."
Experts familiar with the program have voiced concern about its effectiveness, saying that the data provided by the government has been far from useful and that companies have been withholding critical information from the government.
But company sources said the program has improved in recent months, with a basic level of trust established that has allowed the flow of better intelligence.
To complicate the process, the program's management has now been handed over to DHS, which may derail that progress in developing trust, and is the topic of hot debate. Sen. John McCain, R-Ariz, has been a vocal opponent of the move, suggesting that all information sharing should be managed by the DoD and intelligence agencies, while government officials have said the military should not be leading security efforts for private companies.
"I am pleased by the deep collaboration between DoD, DHS and DIB partners," Carter said in the release. "Shared information between DoD, DHS and the defense industrial base can help us defend against the ever-growing threat of cyber attacks."