As hackers and hostile nations launch increasingly sophisticated cyberattacks against U.S. defense contractors, the Pentagon is extending a pilot program to help protect its prime suppliers.
That program could possibly serve as a model for other government agencies. It is being evaluated by the Department of Homeland Security, as part of a potential effort to extend similar protections to power plants, the electric grid and other critical infrastructure.
Efforts to better harden the networks of defense contractors come as Pentagon analysts investigate a growing number of cases involving the mishandling or removal of classified data from military and corporate systems. Intrusions into defense networks are now close to 30 percent of the Pentagon’s Cyber Crime Center’s workload, according to senior defense officials. And they say it continues to increase.
The Pentagon’s pilot program represents a key breakthrough in the Obama administration’s push to make critical networks more secure by sharing intelligence with the private sector and helping companies better protect their systems. In many cases, particularly for defense contractors, the corporate systems carry data tied to sensitive U.S. government programs and weapons.
-AP Computer hard drives, from closed criminal… View Full Caption
So far, the trial program involves at least 20 defense companies. It will be extended through mid-November, amid ongoing discussions about how to expand it to more companies and subcontractors.
"The results this far are very promising," said William Lynn, the deputy secretary of defense who launched the program in May.
Lynn, who will leave office in early October, said the government should move as quickly as possible to expand the protections to other vital sectors.
A senior DHS official said no decisions have been made, but any effort to extend the program — including to critical infrastructure — faces a number of challenges.
The official, who spoke on condition of anonymity because the program review is ongoing, said it would be helpful if Congress would pass legislation that explicitly says DHS is responsible for helping private sector companies protect themselves against cyberattack. Also, the legislation should say that companies can be protected from certain privacy and other laws in order to share information with the government for cybersecurity purposes, the official said.
Senior U.S. leaders have been blunt about the escalating dangers of a cyberattack, and have struggled to improve the security of federal networks while also encouraging the public and corporate America to do the same.
"Cyber actually can bring us to our knees," said Adm. Mike Mullen, chairman of the Joint Chiefs of Staff, adding that at some point the Pentagon may need to develop some type of governing structure similar to how the U.S. and allies monitor and limit nuclear weapons.
Data compiled by the Defense Cyber Crime Center shows that the number of investigations handled by analysts there has more than tripled over the past 10 years. And a growing number of them involve defense contractors — including those participating in the pilot program.