The Pentagon's pilot program for sharing cyber-threat information with its key vendors has worked so well that it's expanding to many more companies in the defense game, according to an announcement Friday.
“The expansion of voluntary information sharing between the department and the defense industrial base represents an important step forward in our ability to catch up with widespread cyber threats,” said the statement from Deputy Defense Secretary Ash Carter. “Increased dependence on Internet solutions have exposed sensitive but unclassified information stored on corporate systems to malicious probes, theft, and attacks. This expanded partnership between DoD and the defense industrial base will help reduce the risk of intrusions on our systems.”
DoD's announcement does not make clear whether there's a limit to the number of firms that can join the cyber-inf0-sharing arrangement, which grew from an initial class of some 20 companies, but maybe that's the point: Defense officials want to help as many vendors as possible protect their trade secrets, given the rampant pillaging we're always hearing about from China and Russia.
To make it easier, the Pentagon has set up a website through which companies can apply to join the "Defense Industrial Base Cyber Security/Information Assurance" program, provided they have the right kind of systems and already handle some DoD information. From what defense officials have said in the past, the idea is that DoD and its contractors share information about the kinds of probes and attacks they're seeing, to make it easier to defend against them. Although no one can actually say what they mean in the cyber world, the coded message in the past has been that the Pentagon mostly defends itself well, but that its vendors are getting robbed blind, which is why everyone needed to team up.
According to Carter, it's working:
“I am pleased by the deep collaboration between DoD, DHS and DIB partners," he said, in the statement. :The success of this program encourages us to explore additional ways to enhance the protection of defense industry networks and DoD information. Shared information between DoD, DHS and the defense industrial base can help us defend against the ever-growing threat of cyber attacks."