
Confused by Defense cyber threat alerts? A translation is on the way

Laborant/Shutterstock.com

An expanded information-sharing program will potentially allow more than 2,600 defense suppliers access to top-secret Pentagon communications with select companies about indications of cyber threats, partly by adding context understandable to a wider audience, officials with the contractor responsible for the ramp-up say.

The defense industrial base collaboration initiative started as a pilot program during summer 2011. In May, the Pentagon allowed the whole industry to join. Participants receive disclosures when the military detects signs of unfolding malicious campaigns so that their in-house technical teams can take protective measures. The Defense Department also distributes reports about breaches participating companies have suffered, after deleting identifying information to avoid exposing the weaknesses of competitors.

Around the time the initiative began ramping up, the General Services Administration signed a deal with Lockheed Martin Corp. worth up to $454 million for help running the Defense Cyber Crime Center, or DC3, which operates the program.

“One of our primary focuses is – ‘How do we help the government scale?’ ” said Rohan Amin, Lockheed’s program director for DC3. “Going from a small number of companies to a large number of companies is a very big problem.”

To facilitate growth, the firm is modifying communication procedures by, for example, explaining threat intelligence in a way that any military contractor, regardless of practice area, can grasp.

The program will contextualize the data using a technique Lockheed honed to protect its own business systems and its customers’ systems. The process dissects an intruder’s attack plan into a series of actions, taken over a period of time, that are intended to achieve an ultimate goal -- for instance, obtaining drone designs from a defense contractor’s network. Analysts then devise a corresponding response for each action that, if applied along any point in the chain, can foil the crook’s plan.

“DC3 has adopted that framework to enhance its information sharing,” Amin said, referring to the breakdown of the attack path, or “cyber kill chain.”

Critics of the industrial base program are skeptical that the intelligence gained is any better than what companies already know from their commercial cybersecurity providers.

Amin responded that, from Lockheed’s perspective, the information-sharing endeavors “are of value, but like any cybersecurity tool, nothing is ever going to be a silver bullet for solving all problems.”

One unique benefit for the contractor is the ability to compare incidents happening elsewhere in industry and government with its own experiences. “If you see that you have periods where things are quiet,” but others in the same sector are experiencing network irregularities, “that may cause you to think through if there are things you are missing,” Amin said. He added that the most sophisticated adversaries move without being detected by commercial cybersecurity services.

Defense on Sept. 24 announced a one-year renewal of a separate agreement with Booz Allen Hamilton worth up to $10 million for hardware and software that transmits the threat alerts.

There is discussion of establishing similar classified exchanges with other sectors critical to daily life, such as water utilities and financial institutions. The Homeland Security Department could offer these critical sectors entry into a facility called the National Cybersecurity and Communications Integration Center that already circulates top-secret warnings about threats, Seán McGurk, a former DHS official who launched the center, said on Sept. 29.

“We started the capability -- and now we need to advance that capability and we need to extend it” beyond the six or seven currently active industries, he added.

Amin said “those other critical sectors are being looked at by DHS,” but DC3 is not directly involved in the conversations.
