DHS takes key role in DOD cybersecurity program

The Pentagon’s Defense Industrial Base (DIB) Cyber Pilot, first outlined last July by then-Deputy Defense Secretary William Lynn, has given the Homeland Security department an expanded role; DHS  will take over communications with private Internet service providers. The ISPs are a critical part of the pilot program, responsible for filtering incoming e-mails of DIB participants.

DIB, overall, is a voluntary partnership between DOD and the contractors supporting it in order to combat cyber threats.


Related story

DOD releases 5-point cyber defense plan


With DHS now in on the program, it’s evolved into the Joint Cybersecurity Services Pilot (JCSP), according to a DHS privacy assessment.

“The JCSP seeks to build upon the DIB Opt-In Pilot and allow DHS, through the National Cyber Security Division U.S. Computer Emergency Readiness Team, to share indicators and other information about known or suspected cyber threats directly with [commercial service providers] to enhance the protection of JCSP participants, including certain DIB companies and any participating federal agencies,” the DHS assessment stated.

According to a NextGov report, DOD will continue to oversee communications with the contractors participating in the program.

There’s been talk of expanding the pilot since it was first rolled out. In his announcement Lynn said expansion of the program would be possible once an assessment of the program had been conducted.

That assessment has now been completed – with mixed reviews, according to a Washington Post report on the study’s findings, which have not been made public.

The initial leg of the pilot program has demonstrated the viability of information-sharing among private companies and government agencies, according to the Post report. It has also showed ISPs are capable of handling the classified National Security Agency-provided intelligence being used among participants, including NSA signatures of malicious code, which are the fingerprints of potentially dangerous malware.

But the program hasn’t proved effective in staving off cyber attacks that participants could have prevented themselves without the shared data. For example, of the 52 malicious activity incidents detected during the test run, only two were found using NSA’s data, the report stated.

“Unfortunately, the report on the DIB Pilot Program highlights one of my continuing points, that there is no silver bullet in cybersecurity,” Rep. James Langevin (D-R.I.), co-founder of the Congressional Cybersecurity Caucus, said in a statement. “Signature-based defenses alone will never be enough to secure our defense contractors, our classified networks or our critical infrastructure. We need a comprehensive approach to cybersecurity that incorporates innovative information-sharing arrangements with industry, while also boosting our capabilities for our own defenses and those who manage our critical infrastructure.”

While the pilot program is expanding by bringing DHS into the fold, it appears no new companies have been added. When Lynn announced the program last summer, he said the pilot comprises less than two dozen commercial defense companies with which DOD shares classified threat intelligence.

About the Author

Amber Corrin is a former staff writer for FCW and Defense Systems.

The Fed 100

Read the profiles of all this year's winners.

Featured

  • Then-presidential candidate Donald Trump at a 2016 campaign event. Image: Shutterstock

    'Buy American' order puts procurement in the spotlight

    Some IT contractors are worried that the "buy American" executive order from President Trump could squeeze key innovators out of the market.

  • OMB chief Mick Mulvaney, shown here in as a member of Congress in 2013. (Photo credit Gage Skidmore/Flickr)

    White House taps old policies for new government makeover

    New guidance from OMB advises agencies to use shared services, GWACs and federal schedules for acquisition, and to leverage IT wherever possible in restructuring plans.

  • Shutterstock image (by Everett Historical): aerial of the Pentagon.

    What DOD's next CIO will have to deal with

    It could be months before the Defense Department has a new CIO, and he or she will face a host of organizational and operational challenges from Day One

  • USAF Gen. John Hyten

    General: Cyber Command needs new platform before NSA split

    U.S. Cyber Command should be elevated to a full combatant command as soon as possible, the head of Strategic Command told Congress, but it cannot be separated from the NSA until it has its own cyber platform.

  • Image from Shutterstock.

    DLA goes virtual

    The Defense Logistics Agency is in the midst of an ambitious campaign to eliminate its IT infrastructure and transition to using exclusively shared, hosted and virtual services.

  • Fed 100 logo

    The 2017 Federal 100

    The women and men who make up this year's Fed 100 are proof positive of what one person can make possibile in federal IT. Read on to learn more about each and every winner's accomplishments.

Reader comments

Please post your comments here. Comments are moderated, so they may not appear immediately after submitting. We will not post comments that we consider abusive or off-topic.

Please type the letters/numbers you see above

More from 1105 Public Sector Media Group