Department of Defense Expands Information Sharing Initiative

Department of Defense Widens Defense Industrial Base (DIB) Cybersecurity Information Sharing Initiatives

The U.S. Department of Defense, working alongside the U.S. Department of Homeland Security, announced on Friday that they would expand the availability of the cybersecurity information assurance program launched last year.

The expansion will mean that all eligible Defense Industrial Base (DIB) companies can be added to the program. The DoD’s Voluntary DIB Cyber Security/Information Assurance (CS/IA) Program was launched last year in order to strengthen the security posture of both public and private critical infrastructure.

For those unfamiliar, the Defense Industrial Base sector includes government and private sector organizations that perform research and development, design, production, delivery, and maintenance of military weapons systems, subsystems, components, or parts for the military. According to the Department of Defense, the DIB Sector includes tens of thousands of companies and subcontractors providing services and incidental materials to the DoD.

The reason for the program is simple in the DoD’s eyes: threats to the DIB’s information systems from the Internet present an “unacceptable risk of compromise of DoD information and pose an imminent threat to U.S. national security and economic security interests.”

As part of the CS/IA Program, the DoD provides DIBs with unclassified indicators and related, classified contextual information. From there, the DIBs can review or act on the contextual information as they wish to better address the threats they face. The DoD will also share mitigation measures to assist DIBs in their cybersecurity efforts.

In return for this, DIBs will report known intrusions and participate in damage assessments if needed. Moreover, DIBs are encouraged to report, if they choose, any cybersecurity event that may be of interest to the other CS/IA Program participants.

Additionally, as an optional part of the program, the Government will provide classified threat and technical information to participating DIB Companies or their Commercial Service Providers (CSPs), in an effort to enable them to counter additional types of known malicious activity and to further protect Department of Defense program information.

“The expansion of voluntary information sharing between the department and the defense industrial base represents an important step forward in our ability to catch up with widespread cyber threats,” said Ashton Carter, deputy secretary of defense. “Increased dependence on Internet solutions has exposed sensitive but unclassified information stored on corporate systems to malicious probes, theft, and attacks. This expanded partnership between DoD and the defense industrial base will help reduce the risk of intrusions on our systems.”

A wider overview of the program is available here.

There are some basic requirements in order to take part in the CS/IA Program. A complete list of those essentials is available here.

Steve Ragan is a security reporter and contributor for SecurityWeek. Prior to joining the journalism world in 2005, he spent 15 years as a freelance IT contractor focused on endpoint security and security training.