Protecting privately-owned critical infrastructure is hugely complicated.
Defense executives can’t be happy that nearly one-third of the companies participating in a Pentagon pilot program to boost cybersecurity by sharing classified threat information have dropped out, apparently because it was too onerous to participate.
Five of the 17 companies in the Defense Industrial Base Enhanced Cybersecurity Services group “chose to withdraw and reallocate their resources to other corporate priorities,” InsideDefense reported, citing a Pentagon spokesman.
As Nextgov’s Aliya Sternstein reported in May, proponents of the program viewed it as a mechanism for both government and industry to learn from network intrusions without compromising corporate reputations. Because the networks that control electrical power, the banking industry and other critical services are privately owned, it is vital that federal agencies and the companies that provide these services figure out how to share sensitive data effectively.
There certainly has been progress in protecting critical infrastructure, and the DIB pilot was deemed successful enough that the Pentagon expanded it earlier this year. Other departments have made progress in this area as well. Both Homeland Security and the Energy Department have successfully partnered with utilities to prioritize investments in network security. We’ll be discussing this critical issue at an event next week here in Washington with representatives from both departments, the White House and the power sector. Please join us Oct. 31 at the National Press Club.