Pentagon helps defense companies fend off cyberattacks
WASHINGTON — The Pentagon has begun helping defense contractors protect their computer networks from cyberattacks, Deputy Defense Secretary William Lynn said this week.
Aeronautics giant Lockheed Martin, along with other high-profile companies including Google and the computer network defense firm RSA, have recently suffered damaging break-ins targeting private data.
Now, Lynn said, the Defense Department is collaborating with the Department of Homeland Security on a program called the Defense Industrial Base Cyber Pilot, which tips off companies and their Internet service providers with classified threat information. The program also provides technical know-how to deal with attacks.
“By furnishing network administrators with this threat intelligence, we will be able to strengthen the existing cyberdefenses at defense companies,” Lynn said in a keynote address at a global security conference in Paris.
But the program apparently sidesteps legal and privacy hurdles by focusing outward instead of inward.
Lynn said the cyber pilot program doesn’t intrude on company networks, and doesn’t collect data on them or monitor their communications. Instead, it provides tools to monitor the Internet for hints of incoming threats, neutralizing them with “active defenses” that shut down potential portals for cyberattack instantaneously.
Defense officials have steadfastly maintained that the Pentagon only has legal authority to police its own networks, not those of civilian companies or other parts of government.
DHS has more authority in the civilian sphere, while DOD can share important technology, Gen. Keith Alexander, head of U.S. Cyber Command, told Congress earlier this year.
“The Department of Homeland Security and the Defense Department are working with the tier one Internet service providers to provide that technical capability to them, along with some of the [threat] signatures ... to defend a couple of Defense Industrial Base companies — about 30 of them is what I think it’ll end up being,” Alexander said while previewing the program in March.
The cyber pilot program could serve as a model for more widespread protection of industry and public utilities, Lynn said.
“By establishing a lawful and effective framework for the government to help operators of one critical infrastructure sector defend their networks, we hope the DIB Cyber Pilot can be the beginning of something bigger,” he said. “It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security.”