The Departments of Defense and Homeland Security are expanding a program where government shares cybersecurity information with members of the Defense Industrial Base handling sensitive government information.
The voluntary program, which began more than a year ago with approximately 30 companies, is now expanding to all eligible DIB companies.
“The expansion of voluntary information sharing between the department and the defense industrial base represents an important step forward in our ability to catch up with widespread cyber threats,” said Deputy Secretary of Defense Ashton Carter. “Increased dependence on Internet solutions have exposed sensitive but unclassified information stored on corporate systems to malicious probes, theft, and attacks. This expanded partnership between DOD and the defense industrial base will help reduce the risk of intrusions on our systems.”
The DOD’s Voluntary DIB Cyber Security/Information Assurance Program includes a voluntary information sharing component under which DIB companies and the government agree to share cybersecurity information out of a mutual concern for the protection of sensitive but unclassified information related to DOD programs on DIB company networks.
Under the DIB CS/IA Program, DOD provides participating DIB companies with unclassified cyber threat indicators and related, classified contextual information. DIB companies can choose whether to incorporate the indicators into their own traffic screening or other security tools, and they can use the contextual information to better understand and defend against the cybersecurity threats. DOD also shares mitigation measures to assist DIB companies’ cybersecurity efforts.
DIB companies also report known intrusion events to the government and may participate in government damage assessments, if needed. A DIB company may report any cybersecurity event that may be of interest to the government and DIB cyber community, at its discretion.
The United States continues to face a significant risk that critical defense information residing on DIB networks and systems can be compromised by malicious cyber actors resulting in potential economic losses or damage to national security, DOD said.
“I am pleased by the deep collaboration between DOD, DHS and DIB partners. The success of this program encourages us to explore additional ways to enhance the protection of defense industry networks and DOD information,” said Carter. “Shared information between DOD, DHS and the defense industrial base can help us defend against the ever-growing threat of cyber attacks.”