
weets

02/16/10 7:31 AM

#188075 RE: internet #188069

http://www.dtic.mil/whs/directives/corres/pdf/520513p.pdf

After a 3-year pilot, a plan to share info was finally formalized. Bob Lentz said that it will take the plan from 1st gear & shift it into 4th gear!! How do you suppose that they can secure email & VPNs? The simple answer is the TPM & guess who must be directly involved with all parties, gov't & private!!

"IT'S COMING!!!"
DoD gives vendors new rules to protect data
February 15, 2010

By Jason Miller
Executive Editor
Federal News Radio


From Titan Rain to the most recent cyber attacks on Google, Adobe and other vendors, federal information on contractor computer systems has been under siege for nearly a decade.

White House cyber security coordinator Howard Schmidt recently called the Defense Industry Base one of the major weak links in the IT security chain. He pointed specifically to the supply chain component.

"At one point, the supply chain and the connectivity supply chain partners were relatively small, but that has changed dramatically," Schmidt says. "Not only do we have direct connectivity with our supply chain partners, but the use of their IT systems affects the way we do things. Not only that, they are not just connected to us in one business, it's like the spider web. We need to make sure small and medium sized businesses -- the backbone of our workforce in America today -- they basically have the resources and they don't have to fight the same battles we do with the larger enterprise at the government level on a day-to-day basis."

That is why the Defense Department issued a new policy to protect military information on or going in between unclassified networks run by contractors and the government.

Cheryl Roby, acting Defense chief information officer and principal deputy assistant secretary of Defense for Networks and Information Integration, signed the directive Jan. 29 detailing three major policy initiatives, including new operating guidance to coordinate and manage an information sharing partnership with contractors.

"This formalizes the overall process by which DoD will be implementing protection measures and different processes to deal with Defense Industrial Base security program," says Bob Lentz, a former DoD official in charge of information assurance, during an interview with the Daily Debrief. "It's the information outside the core DoD information networks."

The memo requires DoD and the Defense Industrial Base (DIB) to create an information sharing environment for threat information, develop best practices, create a standard for reporting of and responding to cyber attacks or threats, and develop an approach for vendors to do self-assessments of the security of their networks.

The memo also details the roles other parts of DoD will play, including the Defense Security Service, which will ensure contractors receiving classified information have programs that meet the military's cybersecurity requirements; the National Security Agency, which will provide support to analyze cyber intrusion damage; and the Defense Cyber Crime Center, which will provide hosting for the information sharing environment, serve as the focal point for threat sharing and implement policies, processes and standards.

Lentz, who retired from DoD in October and now is president of Cyber Security Strategies, says the memo formalizes a three-year pilot between DoD and vendors to better coordinate cyber threat information.

"One of the keys to the DIB effort has been the overall philosophy of trust," he says. "What the pilot program proved was we could institutionalize an information sharing apparatus that allows two-way trust and collaboration. That has been one of the fundamental goals. One of the success features of the DIB has been achieving that goal."

The memo also gives the DoD undersecretary for Acquisition, Technology and Logistics specific tasks.

DoD must update its acquisition regulations to address the protection of unclassified information on vendor networks, and develop a cyber intrusion damage assessment policy for DIB systems.

"One of the underlying strategies was to institutionalize this in the acquisition process," Lentz says. "As we ran pilot, DoD wanted to get the effort operationalized in a formal way, and the contractors wanted to get into acquisition regulations as soon as possible. Once you get it in there, it allows both the government and contractor end to have the requirements specifically spelled out so you can get ready to implement and in some cases get the financial backing to implement the various requirements."

Lentz adds that the DIB effort could be a model for a governmentwide program. He says the Homeland Security Department has been involved in the DIB program since the beginning.

"From day one, I have believed that DIB is a model framework for information sharing for all critical infrastructure sectors," he says. "The DIB effort shows you can put formal structure in place and allow you to collaborate."




(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)



warbil

02/16/10 10:35 AM

#188089 RE: internet #188069

Internet,

This comment from the article looks promising. I believe Wave was involved with this pilot program and it appears it was successful. That is very reassuring.

"One of the keys to the DIB effort has been the overall philosophy of trust," he says. "What the pilot program proved was we could institutionalize an information sharing apparatus that allows two-way trust and collaboration. That has been one of the fundamental goals. One of the success features of the DIB has been achieving that goal."

mundo

02/16/10 11:48 AM

#188098 RE: internet #188069

internet, The government (I believe) will follow the corporations toward trusted computing and interoperability.

mundo