NSA launches pilot program to secure defense contractors

The National Security Agency is testing a secure domain name system model to better secure companies in the defense industrial base, whose networks house critical weapons technology information.

Anne Neuberger, the NSA's cybersecurity director, announced the agency began a pilot program, Secure DNS, during Defense One's Tech Summit June 18. The pilot, which has been ongoing for a little more than a month, can reduce malware attacks 92% on a given network, she said.

Six weeks into the pilot program she said "we certainly see that secure DNS has an impact ... we've seen it block [malicious activity] in the set of companies that are using the pilot."

"We know they're targeted because they're building weapons technology for the department," she said.

Neuberger didn't specify how many companies were involved in the pilot.

NSA partnered with Defense Department elements including the CIO to roll out a commercial managed service provider to deliver secure DNS services to a group of defense industrial base companies to test the model for security for smaller or medium-sized companies.

The pilot, which filters outside DNS requests, points to increasing concern about cyber threats against private companies that contract with the Defense Department.

DOD is in the midst of finalizing a new unified cybersecurity standard for contractors, the Cybersecurity Maturity Model Certification, and implementing a ban on China-manufactured telecommunications equipment and services due to security concerns.

Neuberger said the pilot targets the top activities that can reduce cyber risks and is accessible to smaller companies that face special challenges in paying for high-end cybersecurity services.

"There's not unlimited resources to apply in cybersecurity," she said.