recommended reading

Confused by Defense cyber threat alerts? A translation is on the way

Laborant/Shutterstock.com

An expanded information-sharing program will potentially allow more than 2,600 defense suppliers access to top-secret Pentagon communications with select companies about indications of cyber threats, partly by adding context understandable to a wider audience, officials with the contractor responsible for the ramp-up say.

The defense industrial base collaboration initiative started as a pilot program during summer 2011. In May, the Pentagon allowed the whole industry to join. Participants receive disclosures when the military detects signs of unfolding malicious campaigns so that their in-house technical teams can take protective measures. The Defense Department also distributes reports about breaches participating companies have suffered, after deleting identifying information to avoid exposing the weaknesses of competitors.

Around the time the initiative began ramping up, the General Services Administration signed a deal with Lockheed Martin Corp. worth up to $454 million for help running the Defense Cyber Crime Center, or DC3, which operates the program. 

“One of our primary focuses is – ‘How do we help the government scale?’ ” said Rohan Amin, Lockheed’s program director for DC3. “Going from a small number of companies to a large number of companies is a very big problem.”

To facilitate growth, the firm is modifying communication procedures by, for example, explaining threat intelligence in a way that any military contractor, regardless of practice area, can grasp.   

The program will contextualize the data using a technique Lockheed honed to protect its own business systems and its customers’ systems. The process dissects an intruder’s attack plan into a series of actions, taken over a period of time, that are intended to achieve an ultimate goal -- for instance, obtaining drone designs from a defense contractor’s network. Analysts then devise a corresponding response for each action that, if applied along any point in the chain, can foil the crook’s plan.

“DC3 has adopted that framework to enhance its information sharing,” Amin said, referring to the breakdown of the attack path, or “cyber kill chain.”

Critics of the industrial base program are skeptical that the intelligence gained is any better than what companies already know from their commercial cybersecurity providers.

Amin responded that, from Lockheed’s perspective, the information-sharing endeavors “are of value, but like any cybersecurity tool, nothing is ever going to be a silver bullet for solving all problems.”

One unique benefit for the contractor is the ability to compare incidents happening elsewhere in industry and government with its own experiences. “If you see that you have periods where things are quiet,” but others in the same sector are experiencing network irregularities, “that may cause you to think through if there are things you are missing,” Amin said. He added that the most sophisticated adversaries move without being detected by commercial cybersecurity services.

Defense on Sept. 24 announced a one-year renewal of a separate agreement with Booz Allen Hamilton worth up to $10 million for hardware and software that transmits the threat alerts.

There is discussion of establishing similar classified exchanges with other sectors critical to daily life, such as water utilities and financial institutions. The Homeland Security Department could offer these critical sectors entry into a facility called the National Cybersecurity and Communications Integration Center that already circulates top secret warnings about threats, Seán McGurk, a former DHS official who launched the center, said on Sept. 29.

“We started the capability -- and now we need to advance that capability and we need to extend it” beyond the currently six or seven active industries, he added.

Amin said “those other critical sectors are being looked at by DHS,” but DC3 is not directly involved in the conversations.

(Image via Laborant/Shutterstock.com)

Threatwatch Alert

Credential-stealing malware / User accounts compromised / Software vulnerability

Android Malware Infects More than 1M Phones, Adds 13,000 Devices a Day

See threatwatch report

JOIN THE DISCUSSION

Close [ x ] More from Nextgov
 
 

Thank you for subscribing to newsletters from Nextgov.com.
We think these reports might interest you:

  • Featured Content from RSA Conference: Dissed by NIST

    Learn more about the latest draft of the U.S. National Institute of Standards and Technology guidance document on authentication and lifecycle management.

    Download
  • PIV- I And Multifactor Authentication: The Best Defense for Federal Government Contractors

    This white paper explores NIST SP 800-171 and why compliance is critical to federal government contractors, especially those that work with the Department of Defense, as well as how leveraging PIV-I credentialing with multifactor authentication can be used as a defense against cyberattacks

    Download
  • Toward A More Innovative Government

    This research study aims to understand how state and local leaders regard their agency’s innovation efforts and what they are doing to overcome the challenges they face in successfully implementing these efforts.

    Download
  • From Volume to Value: UK’s NHS Digital Provides U.S. Healthcare Agencies A Roadmap For Value-Based Payment Models

    The U.S. healthcare industry is rapidly moving away from traditional fee-for-service models and towards value-based purchasing that reimburses physicians for quality of care in place of frequency of care.

    Download
  • GBC Flash Poll: Is Your Agency Safe?

    Federal leaders weigh in on the state of information security

    Download
  • Data-Centric Security vs. Database-Level Security

    Database-level encryption had its origins in the 1990s and early 2000s in response to very basic risks which largely revolved around the theft of servers, backup tapes and other physical-layer assets. As noted in Verizon’s 2014, Data Breach Investigations Report (DBIR)1, threats today are far more advanced and dangerous.

    Download

When you download a report, your information may be shared with the underwriters of that document.