A new U.S. military program shares classified information about cyber threats with defense contractors and their ISPs as part of a stepped up effort to blunt potential cyber attacks, a Department of Defense official announced on Thursday.
Through such sharing, the military hopes to protect strategic information stored in contractors' networks and maintain a technology lead over adversaries, says Deputy Defense Secretary William Lynn.
The program, called Defense Industrial Base Cyber Pilot went into effect last month, Lynn announced during an address to the Center for Strategic Decision Research's 28th International Workshop on Global Security held in Paris. Lynn didn't detail exactly what information would be shared.
Nations need to set up similar cooperative relationships with their allies, Lynn says, to share intelligence about the latest threats. "In cyberspace, the more attack signatures you can see, and the more intrusions you can trace, the better your defense will be," he says. "Just as our air and space defenses are linked with those of our allies to provide warning of airborne and missile attacks, so too can we cooperatively monitor our computer networks for cyber intrusions."
He cited recent cooperation among NATO countries as important. The alliance has made cyber security a lead priority and has started efforts to strengthen its network defenses, he says. Last week it finalized cyber security policy guidelines, and it has committed to make its Cyber Incident Response Center fully operational by 2012.
The European Union has also been brought into the picture with a joint cyber exercise being scheduled for later this year, he says. The goal of the effort is to better coordinate U.S. computer emergency readiness teams with the EU's new cyber security unit, he says.
Lynn spelled out three steps nations must take to be ready for new, more destructive types of attacks that are being developed.
* Improve defenses of military networks and set policies for how and when branches of the military to deal with operations in cyber space.
* Work with allies and partners on cooperative cyber defenses to strengthen their ability to monitor and respond to intrusions.
* Form partnerships with the operators of critical infrastructure, such as power grids and financial networks.
The range of actions necessary to enhance cybersecurity will require engagement in our defense institutions, across our governments, between our nations, and between the public and private sectors.
"In short," Lynn continued, "we must work together, as everyone -- from ordinary citizens, to the owners and operators of critical infrastructure, to our warfighters on the front lines -- has a stake in cybersecurity."