DoD Sharing Threat Data With Critical Industries

← Back to Stories (view on slashdot.org)

DoD Sharing Threat Data With Critical Industries

Posted by kdawson on Monday May 25, 2009 @07:29PM from the scratch-your-back dept.

Hugh Pickens writes "The Washington Post reports that for the past two years, the Defense Department has been collaborating with critical industries to stem the loss of important defense industry data — by some estimates at least $100 billion worth over that time. The Pentagon is considering ways to share its threat data with other industries including telecommunications and Internet service providers, led by the DoD's Cyber Crime Center, the clearinghouse for threat data from the NSA, military agencies, the DHS, and industry. The Pentagon's trial program with industry illuminates the promise and the pitfalls of such partnerships: a reluctance of intelligence and law enforcement agencies to release threat data they consider classified, and the companies' fear of losing control over personal or proprietary information. 'This isn't just about national security,' says Barbara Fast, vice president of Boeing Cyber Solutions. 'It's about the economic well-being of the United States.'"

55 comments

When do -I- get the data by interkin3tic · 2009-05-25 19:35 · Score: 1

Send it with my bailout check soon please.
Really? by noundi · 2009-05-25 19:36 · Score: 3, Funny

"It's about the economic well-being of the United States."
It's about my stock options damn it!

--
I am the lawn!
1. Re:Really? by goose-incarnated · 2009-05-25 21:16 · Score: 1
  
  "It's about the economic well-being of the United States."
  It's about my stock options damn it!
  Yeah, thats what I said about my stock options too. Didn't help me none either
  
  --
  I'm a minority race. Save your vitriol for white people.
Almighty Dollar by daveime · 2009-05-25 20:02 · Score: 4, Funny

'This isn't just about national security,' says Barbara Fast, vice president of Boeing Cyber Solutions. 'It's about the economic well-being of the United States.'
Of course. How is the CIA supposed to sell military tech to 3rd world despots and dictators, if the bastards keep stealing it for free ?
1. Re:Almighty Dollar by Jurily · 2009-05-25 20:41 · Score: 2, Funny
  
  How is the CIA supposed to sell military tech to 3rd world despots and dictators, if the bastards keep stealing it for free ?
  Considering weapons is just about the only thing not Made In China, that could actually be a good thing.
2. Re:Almighty Dollar by daveime · 2009-05-25 21:01 · Score: 1
  
  So it's okay with you the actual selling of weapons to those kind of 3rd world dictators, provided they have "proudly made in USA" stamped on the side, and not "made in PRC" ?
  Scary, but for some reason, not surprising.
3. Re:Almighty Dollar by Jurily · 2009-05-25 21:21 · Score: 1
  
  So it's okay with you the actual selling of weapons to those kind of 3rd world dictators, provided they have "proudly made in USA" stamped on the side, and not "made in PRC" ?
  I don't give a crap either way. I live in Hungary.
4. Re:Almighty Dollar by Hurricane78 · 2009-05-25 22:39 · Score: 1
  
  Well. Not better than leaving them in the hands of the 1st world dictators, is it? ^^
  
  --
  Any sufficiently advanced intelligence is indistinguishable from stupidity.
5. Re:Almighty Dollar by morgan_greywolf · 2009-05-26 01:01 · Score: 1
  
  Considering weapons is just about the only thing not Made In China,
  I wouldn't count on that.
  
  --
  My blog
Always been about foreign exploitation by FriendlyLurker · 2009-05-25 20:09 · Score: 5, Informative

national security...It's about the economic well-being of the United States
As Major General Smedley Darlington Butler, Americas most highly decorated Marine by the time of his death pointed out in his short book War is a racket; all military/spy agency has ever been is about "economic well-being" for a select few, and was _never_ about National Security. Using his unmatched experience "protecting" the US around the world, he went on to explain why economic well being and real National Security are apposing goals.
1. Re:Always been about foreign exploitation by adavies42 · 2009-05-25 21:27 · Score: 2, Funny
  
  how can you possibly expect me to take someone named "Smedley Darlington Butler" seriously?
  
  --
  Media that can be recorded and distributed can be recorded and distributed.
  -kfg
2. Re:Always been about foreign exploitation by operator_error · 2009-05-25 21:48 · Score: 1
  
  Well, he was properly cited; so why not? Maybe he is deserving of your trust & respect? (so let's forget the silly semantics of his given name?)
3. Re:Always been about foreign exploitation by jo42 · 2009-05-26 00:29 · Score: 1
  
  The Americans elected someone named "George Bush" to the presidency several times.
4. Re:Always been about foreign exploitation by WED+Fan · 2009-05-26 02:01 · Score: 1
  
  how can you possibly expect me to take someone named "Smedley Darlington Butler" seriously?
  He's friends with Doctor Charles Emerson Winchester.
  Score +1 for the non-tech pop reference.
  
  --
  Politics is the art of looking for trouble, finding it everywhere, diagnosing it incorrectly and applying the wrong fix.
5. Re:Always been about foreign exploitation by Runaway1956 · 2009-05-26 02:53 · Score: 1
  
  That seems damned silly. I grew up with an Anglo background, and many African names sound "odd" to my ears. Some eastern European names do as well. Ditto with Asian and Arab names. I should make fun of, and dismiss, anyone with a name that I'm not accustomed to? You suggest that a scientific discovery made by someon in India may not have much value, simply because I have no idea how to pronounce his name? Ethnocentrism really has little value in today's world..... I haven't even looked to see just who Smedley is, but I already know that he's a marine from the rest of this article. A US Marine with any serious rank is someone to take seriously, no matter what his Mama named him. (For that matter, the same goes for the United States' Commander in Chief - he's a funny looking bastid, but you had better take him seriously.)
  
  --
  "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
6. Re:Always been about foreign exploitation by Phrogman · 2009-05-26 03:16 · Score: 1
  
  The primary purpose of the US Government and the US Military is to protect the economic interests of major US companies, each according to their campaign contributions. History is littered with examples of the US Government sending in the troops to ensure some local National Government didn't attempt to take over US commercial interests, or the CIA to overthrow a Government (legally elected or otherwise) that might disagree with US Corporate interests. I will likely get modified Troll and Flamebait but its not far off the truth IMHO.
  
  --
  "The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
7. Re:Always been about foreign exploitation by An+ominous+Cow+art · 2009-05-26 04:35 · Score: 1
  
  That's Dr. Charles Emerson Winchester III to you!
8. Re:Always been about foreign exploitation by ardle · 2009-05-26 05:10 · Score: 1
  Ah, now I know what's been going wrong: we keep on giving jobs that should be taken seriously to people with silly names!
  Examples:
  Ban Ki-moon
  Kofi Annan
  Boutros Boutros-Ghali
  Coincidence?
9. Re:Always been about foreign exploitation by neomunk · 2009-05-26 05:14 · Score: 1
  
  That man stopped the most dangerous coup attempt the U.S. had ever seen to that point.
They still don't get it. by Anonymous Coward · 2009-05-25 20:41 · Score: 0

The Air force shut down their Cyber command. The NSA (which is probably better equipped than any of the armed forces to technical issues) said "Hey, not us"
"Cyber" should be a dirty word.
So, companies and military join forces by captainpanic · 2009-05-25 21:01 · Score: 0, Redundant

Sorry, but how is this going to affect the always praised market?
If one company has good contacts with the military, then how on earth is a small start-up going to compete for new contracts?
In my humble opinion, the best way to achieve a safe industry is to nationalize it completely... permanently destroy all competition, and assign some big shot military guy as CEO of the company. Especially defense industry only has the government as customer, so why not make it a national (non-profit, and very safe) industry?
And then proceed to claim to the rest of the world that the Soviets had it all wrong :D
(sorry - of course it should be the other way around: you should privatize the government instead of nationalizing industry).
Not a conspiracy issue by gnieboer · 2009-05-25 21:11 · Score: 4, Insightful

This isn't a military-industrial complex conspiracy issue, nor exploiting the rest of the world.
It highlights that 'national security' of any country is much more complicated than days gone by. The 'military' can no longer guarantee security by having lots of ships and planes etc. A hacker taking out the electrical grid certainly is a threat to national security, but not a threat that can be fended off by the military.
Why not? Because as most here would know, to do that would require military 'jurisdiction' over every network node and server and firewall defending something deemed 'important'.
Since despite general cynicism on the topic, the US still is one of the most free societies on the planet, they clearly would despise such an option. So instead working together as a team makes just way too much sense.
The concerning side is valid as well... giving the same dingbats that can't secure a basic firewall the responsibility for securing -actual- classified intelligence should worry us all as well.
Of course the answer is halfway, companies need to beef up their controls and the government then needs to share. We're all in this together. And yes, in this 'new' global economy, I mean everyone, but just those pesky Americans...
1. Re:Not a conspiracy issue by gnieboer · 2009-05-25 21:23 · Score: 1
  
  -edit- NOT just those pesky Americans
2. Re:Not a conspiracy issue by MichaelSmith · 2009-05-25 21:23 · Score: 1
  
  would require military 'jurisdiction' over every network node and server and firewall defending something deemed 'important'.
  The military defend against threats in the air and on sea without having jurisdiction over those domains. You identified data security for the electricity grid as a vulnerability. Perhaps a military security agency could deploy measures to protect that specific asset.
  
  --
  http://michaelsmith.id.au
3. Re:Not a conspiracy issue by gnieboer · 2009-05-25 21:42 · Score: 2, Interesting
  
  Well, they actually do have jurisdiction over (their) air and sea, through NORAD for the air for instance. They just normally don't exercise it, leaving things to the FAA.
  To do it right, to 'deploy measures' to protect a commercial asset (be it company or public utility), the gov't agency would have to take over configuration control of the servers that hold the data, the firewall, and active directory (or whatever is in use). Just securing the perimeter doesn't cut it in a 'best practice' environment.
  Now imagine said company/utility wants to create a new self-pay website for their customers. Now they need to go hat in hand to the agency to ask permission for port 80 to be opened for traffic to IP 192.168.0.xxx etc etc. Whose network is it now?
  Utilities will probably have more luck trying to keep critical and non-critical networks separate, but that's a lot harder for corporate networks. Especially big multi-nationals like EADS.
  So deploying measures sounds good upfront, but I think it would become a nightmare if tried to implement. Not to mention having some IT team show up to 'secure' your network and taking it down in the process because they don't understand it :)
4. Re:Not a conspiracy issue by ciderVisor · 2009-05-25 23:25 · Score: 1
  
  Now they need to go hat in hand to the agency to ask permission for port 80 to be opened for traffic to IP 192.168.0.xxx etc etc. Whose network is it now?
  Shit ! I think that's my network.
  
  --
  Squirrel!
5. Re:Not a conspiracy issue by Chlorine+Trifluoride · 2009-05-26 00:21 · Score: 1
  
  Why are you on my network?
6. Re:Not a conspiracy issue by Anonymous Coward · 2009-05-26 03:45 · Score: 0
  
  Call parent flamebait if you like but if you actually take a walk across the great big wet and you'll see many European and Pacific nations which overall have a much more free society in terms of legislation and judiciary and, hell, even culture.
How to make America safer by toby · 2009-05-25 21:18 · Score: 5, Insightful
Stop doing what made you a target in the first place. This means, inconveniently, undoing:
- 50 years of foreign policy prior to "9/11";
- Doubly so, the embarrassing eight years since "9/11".
Good luck.
--
you had me at #!
1. Re:How to make America safer by Nerdfest · 2009-05-25 22:53 · Score: 1
  
  Good network and general computer security applies regardless of political behaviour. Even if you completely agree with the past foreign policy, the actual security policy that seems to be applied in most cases is abysmal.
2. Re:How to make America safer by DNS-and-BIND · 2009-05-26 00:19 · Score: 1
  
  Wouldn't make a difference. Compliance is regarded as weakness, which is regarded with contempt.
  "We are not fighting so that you will offer us something. We are fighting to eliminate you."
  --Hussein Massawi, Hezbollah leader
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
3. Re:How to make America safer by gad_zuki! · 2009-05-26 01:44 · Score: 1
  
  Securing infrastructure has nothing to do with politics. Do you honestly think Islamic terrorists have a rational political stance and that compliance will lead to some historically unseen in humankind age of peace? No, compliance with religious nuts will lead to collapse. Al Qaeda, Hezbollah, et al want destruction of their enemies and to shift the world to a brutal form of Islam, little else.
  While the US, like any other powerful country, has a questionable historical track record, I would rather have it be the leader of the world than the current alternatives: Iran, Russia, or China.
4. Re:How to make America safer by Anonymous Coward · 2009-05-26 04:06 · Score: 0
  
  If you didn't piss everyone off for the last 50 years they wouldn't be trying to kill you. I love how Americans always try to blame everyone else for everything and never seem to think that they could of possibly triggered their own woes.
  Also, that statement was directed at Israel, not the US, so double fail on your part.
5. Re:How to make America safer by bhiestand · 2009-05-26 20:53 · Score: 1
  
  Thank you. It's a shame so few can see how rational this argument truly is.
  
  --
  SWM seeks new sig for a brief fling
Asymmetric warfare by Anonymous Coward · 2009-05-25 22:17 · Score: 0

If I am defense contractor XYZ and I produced a military solution that cost the government $5 billion - what happens when one, or perhaps a small group of, individual(s) is able to steal this data?
What if it is nation sponsored espionage?
What if a nation steals what it can and funds the rest (effectively increasing their R&D by %X)?
You can essentially leapfrog technologically, if your efforts are fruitful. Now take it out of a military context and put it in to an economic context (if we can steal military R&D, you bet we are going to get industrial data too!)
Why is the military doing this? by HangingChad · 2009-05-25 23:31 · Score: 1

The Pentagon is considering ways to share its threat data with other industries including telecommunications and Internet service providers, led by the DoD's Cyber Crime Center...
Certainly the military should be protecting their own infrastructure, but civilian infrastructure should be handled by DHS. There's no justification for mission creep when there are agencies with the charter and authority to address those issues.
We have the CIA, FBI, NSA and Homeland Security. Isn't that enough? Why isn't DoD working through one of them?

--
That's our life, the big wheel of shit. - The Fat Man, Blue Tango Salvage
1. Re:Why is the military doing this? by Phrogman · 2009-05-26 04:09 · Score: 1
  
  The US has a long history of those agencies working at cross purposes to protect or expand their "turf", why should it stop now?
  
  --
  "The first time I got drunk, I got married. The second time I bought a chimpanzee, after that I stayed sober" Arian Seid
A possible slippery slope? by Drakkenmensch · 2009-05-26 00:03 · Score: 1

'This isn't just about national security,' says Barbara Fast, vice president of Boeing Cyber Solutions. 'It's about the economic well-being of the United States.'
How long until the RIAA finds someone in the chain of command to convince that it's in an economic imperative that music pirates need to be stopped, and get a direct DoD data feed of P2P IP data?
That ought to be easy by drinkypoo · 2009-05-26 01:12 · Score: 1

They can obviously detect threats; every time a supposedly-secure DoD computer gets hacked by a worm, they can just publish the results...

--
"You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
this will include foreign competitor Info by kubitus · 2009-05-26 01:44 · Score: 1

this will include foreign competitor Info
obtained by Echelon
obtained by Root Boot Trojans.
now DoD says openly what they did since more than a decade
Reading between the lines ... by PPH · 2009-05-26 04:34 · Score: 1

... the DoD is working with critical industries to secure defense industry data. And then Boeing is mentioned.
It sounds to me like the DoD is stepping into 'help' them clean up security holes. 'Help' is a nice way of saying that they'll get be getting their asses kicked.

--
Have gnu, will travel.
Obvious ! Anti-piracy measures! by freaker_TuC · 2009-05-26 09:47 · Score: 1

... Because they got the nukes to stop music piracy !

--
--- I am known for the ones who want to find me on the net. Is that a privacy risk or a privilege? One might wonder..
Just wait... by GrpA · 2009-05-26 14:10 · Score: 1

If you thought the no-fly list was bad, wait until you end up on the no-programmer-jobs list...
How long before they decide that if your surname is Hyaka, that that sounds like hacker and ban you from working for anyone who supplies the government.
A long time ago I lost a job based on the fact that I hadn't completed my degree. My employer knew that I didn't have it, but they had a contract to develop software for the US DoD who noticed and threatened to pull all of their contracts if they didn't get rid of any non-degree'ed programmers.
And I wasn't even going to be working on their contracts!
The employer did it's best to accommodate me, but the short story is that the roadblock wasn't worth working around so I went in another direction and became a hardware developer for a different company.
There's no point in appealing to their common sense, because in this case the DoD doesn't seem to have any.
GrpA

--
Enjoy science fiction? "Turing Evolved" - AI, Mecha, Androids and rail-gun battles. What more could you want?
"Dual-use" technology, however, we give 'em... by ibsteve2u · 2009-05-26 15:52 · Score: 1

It is hilarious to me that we have this big DoD initiative to protect "defense" secrets, but in the name of profit we ship silicon wafer manufacturing technology and all kinds of advanced robotics anywhere labor rates are lower than America's.
Just how stupid do you have to be to believe that nobody can translate the guts - the design - of a pick-and-place robot that operates in four dimensions while putting circuit boards and PCs together into a missile guidance system? Or to assume that you cannot use a super-computer sold to predict weather for an Olympics to model thermonuclear design and detonation?
We make me laugh.

--
Orwell: "In a Time of Universal Deceit, telling the Truth is a Revolutionary Act"
Re:Mod me down, waste a mod point. by badkarmadayaccount · 2009-05-27 19:35 · Score: 1

Don't click on parent link, it's a horrible shock site which recursively pops its self up.

--
I know tobacco is bad for you, so I smoke weed with crack.
Re:What? by badkarmadayaccount · 2009-05-27 19:38 · Score: 1

That's a hell of a funny mod option - "Score -1, Informative". Fitting, actually, but someone better fix ASAP.

--
I know tobacco is bad for you, so I smoke weed with crack.