
Defense Plan for Cyber Intel Sharing Looks Like Controversial House Bill


The Pentagon’s proposed 2014 budget outlines a cybersecurity program that is similar to a controversial bill the House is expected to vote on this week.

The Defense Department's funding request would finance "a comprehensive coordinated cybersecurity information sharing system that will serve as the foundation for cybersecurity information sharing requirements across the government." The system, "in real-time," would allow relevant pieces of information to reach authorized personnel throughout the government, so all can "connect the dots in identifying cybersecurity threats," according to budget documents.

White House budget slides indicate that $79 million would be distributed across the departments of Homeland Security, Justice and Defense to "help agencies and the private sector connect the dots in identifying and responding to cyber incidents." DHS plans to contribute $44 million to the program, in part for "protecting individual privacy and civil liberties," according to a department 2014 spending summary. Defense’s budget breakdown for cyber is not available yet, Pentagon officials said.

But the "real-time" part of the program requires new legislation, according to Gen. Keith Alexander, who is both head of Cyber Command and director of the National Security Agency.

“It's a legal barrier, not a technical one,” said Ed Skoudis, founder of Counter Hack Challenges. The company built CyberCity, a 3-D model town that government and industry are using to practice securing and attacking private networks.

Only Congress can authorize new privacy and liability protections so that Internet companies do not have to go through lawyers before disclosing, for example, the timestamp on a customer’s email that contained malicious code.

The Cyber Intelligence Sharing and Protection Act, or CISPA, would grant protections and allow NSA into the sharing circle. The House Intelligence Committee approved the measure on Wednesday and a floor vote is anticipated this Thursday.

While Alexander has not explicitly endorsed CISPA, his description of a key element needed in statute sounds a lot like it: The Defense program would require "the ability for industry to tell us in real time, and this is specifically the Internet service providers, when they see in their networks an attack starting. They can do that in real time. They have the technical capability, but they don't have the authority to share that information with us in -- at network speed. And they need liability protection when we share information back and forth and they take actions," he said at a March Senate hearing.

Interagency and public-private communication loops feed off of each other, federal officials say. When agencies exchange quality intelligence, “this both increases government security and improves the signatures given to industry,” a former Defense official who served until last fall said. Signatures are descriptions of harmful code that are loaded into anti-virus software so it can detect threats.

Since joining in would be voluntary for companies under CISPA and current regulations, industry “needs the best possible information in order to see value in participating. Industry then shares with the government, ideally in real-time, thus completing the picture,” the official explained.

But CISPA has detractors in some high places. The Obama administration threatened to veto the measure last year, due to civil liberties concerns. The bill successfully passed the House, yet Senate Democrats, the White House and Republicans could not agree on the scope of interactions.

Last week, committee members tweaked the text to strike a better balance between security and privacy. One amendment requires the government to put restrictions on the use, storage and searching of data submitted by businesses.

Privacy advocates were unsatisfied.

“The core problem is that CISPA allows too much sensitive information to be shared with too many people in the first place, including the National Security Agency,” Michelle Richardson, legislative counsel for the American Civil Liberties Union, wrote in a Friday column on the organization’s website.
