- The Washington Times - Monday, June 20, 2011

The Pentagon has begun sharing intelligence with defense contractors on growing threats posed by cyber-attacks after a recent strike against networks of Lockheed Martin.

The new program is called the Defense Industrial Base Cyber Pilot and was disclosed by Deputy Defense Secretary William Lynn III during a speech in Paris last week.

“The threat intelligence provided by the government is helping the companies themselves, or the Internet service providers working on their behalf, to identify and stop malicious activity within their networks,” Mr. Lynn said.

The program was developed through cooperation between the Pentagon and Department of Homeland Security and includes information on threats and plans on how to build network defenses against attacks.


Mr. Lynn said the goal of the program is to strengthen cyberdefenses within defense companies.

In May, the Bethesda-based Lockheed Martin was hit by a cyber-attack using counterfeit security tokens that normally allow only trusted employees to remotely access company networks.

It was among a series of high-profile cyber-attacks against U.S. government and private networks in the past two years.

Joshua Gruenspecht, a cybersecurity specialist with the Center of Democracy and Technology, said governments in the past shared data with the private sector only after attacks, “but this kind of systematic sharing is a first, as far as we know.”

Mr. Gruenspecht warned against complacency based on the information sharing.

“Fundamentally, you’re never going to have a perfect system. In cybersecurity, often offense is ahead and defense is playing catch-up. There’s always an attack out there that’s never been seen before,” he said.

Mr. Lynn in his speech divided cyberthreats into three categories: data theft, disruption of websites and physical destruction, which he said was the most dangerous.

“It is possible to imagine attacks on military networks or on critical infrastructure — like the transportation system and energy sector — that cause severe economic damage, physical destruction or even loss of life,” Mr. Lynn said.

The most recent known example of the third case was the so-called Stuxnet worm that penetrated the computer control system in Iran’s Bushehr nuclear plant. The worm, launched by still-unknown sources, led to a temporary shutdown of the plant.

Some security analysts have said the U.S. or Israel was behind that attack.

Multiple U.S. corporations have said they are developing cybersecurity programs for government and private use that would be separate from the Pentagon’s pilot program.

Story Continues →