The U.S. Defense Department wants to expand a pilot project for sharing information on cybersecurity threats among its contractors to 200 companies from the current 37, Teri Takai, the Pentagon’s Chief Information Officer said.
The department expects to get approval from the White House for the expansion within 60 days, Takai said today at a conference in Arlington, Virginia, organized by U.S. Representative Jim Moran, a Virginia Democrat.
“We provide information to them as it relates to threats, and they also share in a confidential manner the threats they face and the actions they’re taking,” Takai told reporters at the conference, referring to defense contractors. “We all get hit by the same kinds of things but also different” threats from time to time, she said.
The Pentagon started the Defense Industrial Base Information Sharing Environment two years ago to test how the Defense Department and companies could share information on attacks aimed at the computer networks of contractors that design, develop and build U.S. weapons. Companies’ participation in the program is voluntary.
Approval from the White House Office of Management and Budget is required because the project involves “agreement between government and private entities,” Takai said. Clearance may also may pave the way for a project led by the Department of Homeland Security that is intended to bolster corporate cybersecurity, she said.
The Homeland Security project would let Internet service providers such as Verizon Communications Inc. and defense contractors such as Lockheed Martin Corp. receive classified intelligence data that would be used to protect other companies from cyber attacks.
Expanded information-sharing is needed because hackers, especially in China, are accelerating efforts to penetrate computer networks such as those of defense contractors, Rear Admiral Samuel Cox, director of intelligence for the U.S. Cyber Command, told reporters at today’s conference.
“The rate of amount of cyber exploitation by China continues to increase significantly,” he said. “The changes are in regards to the sophistication of what they are going after.”
Contractors are coming under increasing attack because the Pentagon has greatly improved its capability to defend its classified networks, Cox said.
“They go after the weaker links, and they are having significant success in that regard,” Cox said.
Asked if Chinese hacking efforts were state-organized or carried out independently, Cox said, “When you look at China’s system of government, there is very little that goes on in that country the government doesn’t know about.”