Pentagon formalizes cybersecurity program with defense industry

“The expansion of voluntary information sharing between the department and the defense industrial base represents an important step forward in our ability to stay current with emerging cyber threats,” Ashton B. Carter, deputy secretary of defense, announced Friday according to reports in The Washington Post

ADVERTISEMENT
The program, begun by DOD last year, allowed military officials to scan the networks of 17 private defense firms to see if the data on those networks had been compromised. 

With the program now formally adopted by DOD, department officials will look expand the size and scope of the program to other defense industry firms. 

Pentagon officials also plan to coordinate with the Department of Homeland Security (DHS) and the Department of Justice to monitor industry networks under the new program. 

DHS would take the lead in coordinating with the private sector and defending against attacks on U.S. networks, Gen. Keith Alexander, head of Cyber Command, told Congress in March. 

If that attack were proven to come from a foreign source, or if a cyberattack were ordered by the White House, DOD would then take over those cyber operations, Alexander said. 

The program will be a part of a new cyberwarfare strategy being worked inside the Pentagon. 

The new "standing rules of engagement" will look to expand existing Pentagon protocols regarding cyberattacks beyond military networks, the four-star general said at the time. 

The goal, according to Alexander, will be expanding DOD's authority in the online realm to give the White House more options on how to respond to a large-scale cyberattack. 

DOD officials confirmed in March that a cyberattack against U.S. Internet security firm RSA was carried out by China. 

RSA, which provides encryption software to the Pentagon and companies like PayPal, had its security software and codes stolen via a Chinese-led cyberattack. 

The company has been able to bounce back from the breach, rewriting new encryption software for the Pentagon and its customers in the private sector. 

But the incident is further proof that expanding DOD ties with the private sector is key to any future cyber strategy, Alexander explained at the time.