Defense to grow industrial base cyber program, DHS may expand to other sectors

The Pentagon this fall expects to make permanent and expand a test program through which the Defense Department shared classified intelligence on cyber threats with select contractors to better secure commercial networks serving the military. The trial that ran from May 9 through Sept. 15 thwarted hundreds of attempted breaches at the roughly 20 participating firms from the defense industrial base, Pentagon officials said.

The Defense Department, in coordination with the Homeland Security Department, established the cyber pilot to help contractors and their Internet service providers safeguard networks critical to military operations. DHS deals with intrusions on critical civilian networks, such as power grids. As hacks and service disruptions increasingly jeopardize economic and national security, some experts say the armed forces should be playing a larger role in protecting those civilian systems. But many citizens and privacy advocates say they do not want the Pentagon snooping into private networks.

Last week, independent evaluators commissioned by the department initiated a month-long review to help officials more fully understand the experiment's strengths and weaknesses, Defense officials said.

"This fall, following completions of the independent evaluation, the DoD hopes to make the pilot a permanent effort and, working in conjunction with our interagency partners, to then expand the program to other critical defense companies in the [defense industrial base]," said Defense spokeswoman April Cunningham.

She noted the Pentagon would use its existing statutory authorities to extend the program throughout the defense industry, but, "there is also active discussion about expanding the pilot, through DHS, to other sectors beyond defense."

Homeland Security officials said they have not yet settled on whether to execute the program in the civilian space.

"The administration is looking at a variety of ways to work with private sector critical infrastructure companies and help them protect themselves from cyber threats," DHS spokesman Chris Ortman said, referring to transportation system operators, financial services firms and other vital businesses. "We are now evaluating [the cyber pilot's] effectiveness and potential before deciding whether or not to expand its scope."

Pentagon leaders have said the pilot appears to be cost-effective. Defense officials were not able to comment on the mechanisms used to distribute cyber intelligence, so it is unclear whether the government and vendors had to pay for additional technology to secure the lines of communication.

It is no secret that internal Defense networks are probed millions of times a day. But recently, the Pentagon has acknowledged that attackers are successfully penetrating corporate networks that transfer sensitive data on surveillance equipment, satellite communications systems and network security protocols.

On Thursday, government officials who led the pilot will be honored with a cyber innovation award at an event hosted by the SANS Institute, a security research center, and Government Executive Media Group, which includes Nextgov.

The trial run shared not just reports of lurking malicious code but also the technical means to pre-empt intrusions. Through various probes, the Pentagon obtains virus "signatures" -- the unique fingerprints of worms -- that can bolster network immunity if loaded into antivirus software to detect and block threats.

Department officials have repeatedly stressed that the pilot was voluntary and that the government was not monitoring, intercepting or storing any private sector communications.

When foreign intelligence services steal military plans and weapons system designs, "this kind of cyber exploitation does not have the dramatic impact of a conventional military attack," but over time, "it blunts our edge in military technology and saps our competitiveness in the global economy," Deputy Defense Secretary William J. Lynn III said last month at a conference for Defense Information Systems Agency contractors.

Earlier in the summer, he revealed that bad actors believed to be backed by foreign spies extracted 24,000 files related to weapons systems from a defense contractor in March. Weapons maker Lockheed Martin Corp. also acknowledged it had detected and quickly stopped "a significant and tenacious attack" on its network in May.