Symantec joins DOD cyber threat-sharing group

Cybersecurity firm Symantec has joined a Department of Defense information-sharing program designed to spot threats targeting the defense contracting base.

The company announced April 22 that it was joining the Defense Industrial Base Cybersecurity Program, a voluntary public-private information-sharing program that provides participants with classified and unclassified information as well as best practices around information assurance. It aims to facilitate better situational awareness about IT security threats to unclassified contractor networks and information systems.

The addition of Symantec, which already has a robust threat intelligence network in place, could help bolster the quality and sophistication of the information that flows through the program. Symantec claims data for its Global Intelligence Network is culled from 175 million protected endpoints and 123 million attack sensors that collect cyber threat telemetry vectors worldwide.

In order to qualify for the DOD program, a company must be a cleared contractor with the ability to view and handle classified information at the Secret level or higher.

Chris Townsend, the company’s vice president of federal, said “Symantec is proud to become a member of this important community” in a statement.

The program is just one of a growing number of tools meant to address cybersecurity gaps in the defense contractor space. Military leaders have become increasingly concerned about the impact of compromised hardware or software on weapons and information systems, whether through bugs and other software vulnerabilities or sabotage in the technology supply chain. In both areas, contractors have come under increasing scrutiny as a potential avenue for nation-states to exploit.

Growing awareness of the threat, along with concerns that elements of the defense contracting base are weak links in the government's cybersecurity chain, has led DOD officials and policymakers in Congress to experiment with a range of potential solutions.

A Senate Armed Services committee hearing on cybersecurity threats to the defense industrial base last month drew exasperated responses from a number of senators frustrated that the U.S. was seemingly prioritizing contractor profits and convenience over national security. Ranking member Joe Manchin (D-W.Va.) said, "We've got to be the stupidest people in the world to let this happen," and suggested that the committee and Congress may need to update federal contracting and procurement rules.

Recently, Secretary of the Navy Richard Spencer told the House Armed Services Committee that tightening up contractor security practices was one of the branch's top priorities in 2020. He urged lawmakers to pass legislation that would add a new assistant secretary for cybersecurity position that would focus on the defense industrial base.

Earlier this year, DOD CIO Dana Deasy floated the possibility that the department could move away from the current model of contractors self-certifying their compliance with National Institute of Standards and Technology cybersecurity guidelines and instead empower a third-party organization leveraging machine learning to examine and audit contractors' security posture.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.


  • Workforce
    Shutterstock image 1658927440 By Deliris masks in office coronavirus covid19

    White House orders federal contractors vaccinated by Dec. 8

    New COVID-19 guidance directs federal contractors and subcontractors to make sure their employees are vaccinated — the latest in a series of new vaccine requirements the White House has been rolling out in recent weeks.

  • FCW Perspectives
    remote workers (elenabsl/

    Post-pandemic IT leadership

    The rush to maximum telework did more than showcase the importance of IT -- it also forced them to rethink their own operations.

Stay Connected