Decision on expanding cyber defense program due in March
WASHINGTON (Reuters) – The government will decide in about two months whether to expand a Pentagon pilot program that uses classified National Security Agency data to protect the computer networks of 17 defense contractors, the Pentagon’s chief cyber official said.
The pilot program has largely been successful since its start about a year ago, although it has faced some legal, technical and policy challenges, said Eric Rosenbach, a former Army intelligence officer who was appointed deputy assistant secretary of defense for cyber policy in September.
The Obama administration has stepped up its efforts to better protect government and industry computer networks over the past year given increasingly numerous and sophisticated attacks from a growing number of nation-states.
“Bolstering the strategic defense of the country and critical sectors is a very important priority for the Department of Defense,” Rosenbach told Reuters, noting cybersecurity activities would likely see steady or increased investment in coming years, even as overall defense spending declined.
Rosenbach said most public-private partnerships did not add much value to cybersecurity efforts, but the Defense Industrial Base pilot was proving it could help weapons makers defend their networks against increasingly sophisticated and numerous attacks from a growing number of foreign countries.
The pilot includes the biggest U.S. weapons makers, including Lockheed Martin Corp, which disclosed in May that it had detected and thwarted “a significant and tenacious attack” on its information systems network.
“It’s one of the first and only operational models that we’ve gotten off the ground and have demonstrated that it can actually provide some additional measure of protection,” he said in an interview at the Pentagon.
“We don’t say it’s perfect or it’s bulletproof. But when you’re thinking about cyber security in terms of trying to manage risk, this is one additional tool to do that.”
Rosenbach said a study completed by Carnegie Mellon University for the Pentagon revealed some challenges with the pilot program and provided important lessons that would be used to improve the pilot program.
Representative James Langevin of Rhode Island, who co-founded the Congressional Cybersecurity Caucus, supports Pentagon efforts to avert the loss of national security data, but sharing data with industry is not enough.
“We need a comprehensive approach to cybersecurity,” he said in a statement responding to the Carnegie Mellon report.
In additional to data-sharing, he said the government needed to work for international norms and put in place for those who managed the country’s critical infrastructure.
The Obama administration decided in November to continue the program for least 120 days and put the Department of Homeland Security (DHS) in charge of the relationship with internet service providers, effective January 15.
Rosenbach said that, while DHS would have the lead, the Department of Defense and the National Security Agency would still play a strong supporting role.
Once additional legal and technical reviews were completed, the administration would decide whether to expand the current pilot program to additional companies in the defense industry, he said, noting that it no specific number of possible companies to add to the program had been designated.
If the pilot was expanded and proved successful, then DHS could use similar systems to protect 15 other critical infrastructure sectors, such as transportation, power companies and the financial sector, he said.
(Reporting By Andrea Shalal-Esa; editing by Andre Grenon)
Mochila insert follows …
[Image via Shutterstock.com.]