Cybersecurity

Symantec joins DOD cyber threat-sharing group

Cybersecurity firm Symantec has joined a Department of Defense information-sharing program designed to spot threats targeting the defense contracting base.

The company announced April 22 that it was joining the Defense Industrial Base Cybersecurity Program, a voluntary public-private information-sharing program that provides participants with classified and unclassified information as well as best practices around information assurance. It aims to facilitate better situational awareness about IT security threats to unclassified contractor networks and information systems.

The addition of Symantec, which already has a robust threat intelligence network in place, could help bolster the quality and sophistication of the information that flows through the program. Symantec claims data for its Global Intelligence Network is culled from 175 million protected endpoints and 123 million attack sensors that collect cyber threat telemetry vectors worldwide.

In order to qualify for the DOD program, a company must be a cleared contractor with the ability to view and handle classified information at the Secret level or higher.

Chris Townsend, the company’s vice president of federal, said “Symantec is proud to become a member of this important community” in a statement.

The program is just one of a growing number of tools meant to address cybersecurity gaps in the defense contractor space. Military leaders have become increasingly concerned about the impact of compromised hardware or software on weapons and information systems, whether through bugs and other software vulnerabilities or sabotage in the technology supply chain. In both areas, contractors have come under increasing scrutiny as a potential avenue for nation-states to exploit.

Growing awareness of the threat, along with concerns that elements of the defense contracting base are weak links in the government's cybersecurity chain, has led DOD officials and policymakers in Congress to experiment with a range of potential solutions.

A Senate Armed Services committee hearing on cybersecurity threats to the defense industrial base last month drew exasperated responses from a number of senators frustrated that the U.S. was seemingly prioritizing contractor profits and convenience over national security. Ranking member Joe Manchin (D-W.Va.) said, "We've got to be the stupidest people in the world to let this happen," and suggested that the committee and Congress may need to update federal contracting and procurement rules.

Recently, Secretary of the Navy Richard Spencer told the House Armed Services Committee that tightening up contractor security practices was one of the branch's top priorities in 2020. He urged lawmakers to pass legislation that would add a new assistant secretary for cybersecurity position that would focus on the defense industrial base.

Earlier this year, DOD CIO Dana Deasy floated the possibility that the department could move away from the current model of contractors self-certifying their compliance with National Institute of Standards and Technology cybersecurity guidelines and instead empower a third-party organization leveraging machine learning to examine and audit contractors' security posture.

About the Author

Derek B. Johnson is a former senior staff writer at FCW.

Featured

  • Defense
    Soldiers from the Old Guard test the second iteration of the Integrated Visual Augmentation System (IVAS) capability set during an exercise at Fort Belvoir, VA in Fall 2019. Photo by Courtney Bacon

    IVAS and the future of defense acquisition

    The Army’s Integrated Visual Augmentation System has been in the works for years, but the potentially multibillion deal could mark a paradigm shift in how the Defense Department buys and leverages technology.

  • Cybersecurity
    Deputy Secretary of Homeland Security Alejandro Mayorkas  (U.S. Coast Guard photo by Petty Officer 3rd Class Lora Ratliff)

    Mayorkas announces cyber 'sprints' on ransomware, ICS, workforce

    The Homeland Security secretary announced a series of focused efforts to address issues around ransomware, critical infrastructure and the agency's workforce that will all be launched in the coming weeks.

Stay Connected