New mandate would require military contractors to report cyber breaches

From: Nextgov

By Aliya Sternstein

The Defense authorization bill approved by Congress last week would require contractors to tell the Pentagon about penetrations of company-owned networks that handle military data. If President Obama signs the legislation into law, it would make permanent part of a Pentagon test program under which participating contractors report computer breaches in exchange for access to some classified cyber threat intelligence.

What began as a defense industrial base pilot program in 2011 was opened to all interested military vendors in May. In October, reports surfaced that five of the 17 initial contractors dropped out of part of the program in which the National Security Agency shares classified threat indicators with the participants, apparently because they concluded the requirements for participation were too expensive and time-consuming for any enhanced security benefit. At the time, Lockheed Martin Corp. executives who help run the program noted the growth potential of another segment of the program that allows contractors to voluntarily share information about breaches to their networks without revealing identifying information to fellow contractors and the government. Now they say interest in the whole program is increasing.

On Wednesday, Defense officials provided contradictory information about the popularity of the classified service. The number of participants in that component, called the Defense Industrial Base Enhanced Cybersecurity Services, or DECS, has not changed, said Pentagon spokesman Lt. Col. Damien Pickart. “Today, 12 DIB companies continue to receive DECS services,” he said, referring to the same total reported in October.

The new mandate would arrive as Congress and the White House grapple with requiring similar communications across all critical sectors, including the energy, healthcare and defense industries. Obama as early as January is expected to issue an executive order, which doesn’t carry the heft or permanence of law, directing those sectors to report incidents and adhere to new cybersecurity standards.
