Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Security Architecture

Department of Defense Expands Information Sharing Initiative

Department of Defense Widens of Defense Industrial Base (DIB) Cybersecurity Information Sharing Initiatives

The U.S. Department of Defense, working alongside the U.S. Department of Homeland Security, announced on Friday that they would expand the availability of the cybersecurity information assurance program launched last year.

Department of Defense Widens of Defense Industrial Base (DIB) Cybersecurity Information Sharing Initiatives

The U.S. Department of Defense, working alongside the U.S. Department of Homeland Security, announced on Friday that they would expand the availability of the cybersecurity information assurance program launched last year.

The expansion will mean that all eligible Defense Industrial Base (DIB) companies can be added to the program. The DoD’s Voluntary DIB Cyber Security/ Information Assurance (CS/IA) Program was launched last year in order to strengthen the security posture of both public and private critical infrastructure.

For those unfamiliar, the Defense Industrial Base sector includes government and private sector organizations that perform research and development, design, production, delivery, and maintenance of military weapons systems, subsystems, components, or parts for the military. According to the Department of Defense, the DIB Sector includes tens of thousands of companies and subcontractors providing services and incidental materials to the DoD.

Department of DefenseThe reason for the program is simple in the DoD’s eyes; threats to the DIB’s information systems from the Internet present an “unacceptable risk of compromise of DoD information and pose an imminent threat to U.S. national security and economic security interests.”

As part of the CS/IA Program, the DoD provides DIBs with unclassified indicators and related, classified contextual information. From there, the DIBs can review or act on the contextual information as they wish to better address the threats they face. The DoD will also share mitigation measures to assist DIBs in their cybersecurity efforts.

In return for this, DIBs will report known intrusions and participate in damage assessments if needed. Moreover, the DIB is encouraged to report any cybersecurity event that may hold some interest to the other CS/IA Program participants if they choose.

Additionally, as an optional part of the program, the Government will provide classified threat and technical information to participating DIB Companies or their Commercial Service Providers (CSPs), in an effort to enable them to counter additional types of known malicious activity and to further protect Department of Defense program information.

“The expansion of voluntary information sharing between the department and the defense industrial base represents an important step forward in our ability to catch up with widespread cyber threats,” said Ashton Carter, deputy secretary of defense. “Increased dependence on Internet solutions have exposed sensitive but unclassified information stored on corporate systems to malicious probes, theft, and attacks. This expanded partnership between DoD and the defense industrial base will help reduce the risk of intrusions on our systems.”

A wider overview of the program is available here here.

There are some basic requirements in order to take part in the CS/IA Program. A complete list of those essentials are listed here.

Written By

Click to comment

Expert Insights

Related Content

Identity & Access

Hackers rarely hack in anymore. They log in using stolen, weak, default, or otherwise compromised credentials. That’s why it’s so critical to break the...

Audits

Out of the 335 public recommendations on a comprehensive cybersecurity strategy made since 2010, 190 were not implemented by federal agencies as of December...

Network Security

Attack surface management is nothing short of a complete methodology for providing effective cybersecurity. It doesn’t seek to protect everything, but concentrates on areas...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Application Security

Big-game malware hunters at Volexity are shining the spotlight on a sophisticated Chinese APT caught recently exploiting a Sophos firewall zero-day to plant backdoors...

Endpoint Security

Apple has launched a new security research blog and website, which will also be the new home of the company’s bug bounty program.

Incident Response

Implementation of security automation can be overwhelming, and has remained a barrier to adoption

Application Security

Cybersecurity powerhouse Palo Alto Networks on Thursday announced plans to spend $195 million in cash to acquire Israeli startup Cider Security, a deal that...