Despite some initial shortcomings with how cyber threat data was shared with the defense industry as part of a pilot project with the Defense Department last year, lessons were learned from the exercise and have been applied to improve the sharing effort going forward, the commander of U.S. Cyber Command said recently.
Moreover, the Defense Industrial Base (DIB) Pilot also showed that the defense industry benefits from the information sharing arrangement because it “doesn’t always see when somebody is trying to attack or exploit them,” Gen. Keith Alexander, who is also the director of the National Security Agency, told the House Armed Services Subcommittee on Emerging Threats and Capabilities. “And so having a forum where you can say, ‘Hey, somebody is trying to get into your network,’ you need to know it is useful for industry as it is for government to know when somebody is trying to attack us.”
The DIB Pilot began last August to create an information sharing forum between the DoD and internet service providers to provide certain defense firms with government information on threats to these companies. DoD and the Department of Homeland Security are working together to expand the DIB Pilot and essentially make it permanent.
Alexander said that initially the way the government was sharing the sensitive signatures of cyber threats with industry hadn’t been worked out so that “some of the early results were not much different from what they get from their own means for getting signatures.” He said that while this was the government’s fault, eventually industry “saw the value of that [sharing] in specific cases. I think that was a way of turning the corner.”
Alexander added that DoD learned that it has to share information more quickly. And from his vantage point, the lessons have been successfully implemented.
“I think we’ve solved that problem,” he said. “You can see now we’re sharing. In fact, the companies that were sharing initially [and] were not as favorable now have turned that around and have now reentered that pilot program. I think that’s a huge plus.”
Two-way information sharing between government and industry provides the “ability to tip and cue from my perspective in real-time, optional,” Alexander said. And he puts a premium on this sharing.
“I think that that’s going to be key to defending ourselves in cyber space in the future,” he said.