Over the past year the Department of Defense (DOD) has been conducting the Defense Industrial Base (DIB) pilot program which increased the amount of classified and unclassified information flowing between the DOD and private industry. The pilot included 17 defense companies and internet carriers AT&T, Verizon and CenturyLink.
In recent years, foreign hackers have had more success stealing information from systems owned and operated by companies in the defense industrial base. Lockheed Martin is among the companies included in the pilot program, which several years ago had terabytes of data related to the Pentagon’s Joint Strike Fighter project stolen from its networks.
The program utilizes NSA signatures to filter incoming e-mails which, due to the small number of false-positives, has been considered a success. However, the program has been less effective at redirecting outbound traffic headed for bad web sites.
Rep. James R. Langevin (D-R.I.), co-founder of the Congressional Cybersecurity Caucus, commented on the programs need for a more complete solution, “Signature-based defenses alone will never be enough to secure our critical infrastructure. We need a comprehensive approach that incorporates innovative information sharing with industry, while holding them accountable for stronger security.”
Although the program has had mixed results, defense officials are pushing to get approval from the Office of Management and Budget to expand the program to include roughly 200 firms. Moving forward the program will include a broader sample of companies and more comprehensive set of signatures.