DoD Sharing Threat Data With Critical Industries
Hugh Pickens writes "The Washington Post reports that for the past two years, the Defense Department has been collaborating with critical industries to stem the loss of important defense industry data — by some estimates at least $100 billion worth over that time. The Pentagon is considering ways to share its threat data with other industries including telecommunications and Internet service providers, led by the DoD's Cyber Crime Center, the clearinghouse for threat data from the NSA, military agencies, the DHS, and industry. The Pentagon's trial program with industry illuminates the promise and the pitfalls of such partnerships: a reluctance of intelligence and law enforcement agencies to release threat data they consider classified, and the companies' fear of losing control over personal or proprietary information. 'This isn't just about national security,' says Barbara Fast, vice president of Boeing Cyber Solutions. 'It's about the economic well-being of the United States.'"
Well, they actually do have jurisdiction over (their) air and sea, through NORAD for the air for instance. They just normally don't exercise it, leaving things to the FAA.
To do it right, to 'deploy measures' to protect a commercial asset (be it company or public utility), the gov't agency would have to take over configuration control of the servers that hold the data, the firewall, and active directory (or whatever is in use). Just securing the perimeter doesn't cut it in a 'best practice' environment.
Now imagine said company/utility wants to create a new self-pay website for their customers. Now they need to go hat in hand to the agency to ask permission for port 80 to be opened for traffic to IP 192.168.0.xxx etc etc. Whose network is it now?
Utilities will probably have more luck trying to keep critical and non-critical networks separate, but that's a lot harder for corporate networks. Especially big multi-nationals like EADS. :)
So deploying measures sounds good upfront, but I think it would become a nightmare if anyone tried to implement it. Not to mention having some IT team show up to 'secure' your network and take it down in the process because they don't understand it.