Administration Grapples with Policies to Allow Sharing of Classified Cyber Info with Business
SAN FRANCISCO -- The administration is struggling with the “legal and policy framework” that are needed to allow it to share classified signatures and technologies to allow the operators of critical private networks to benefit from advances that the government has made in preventing cyber attacks through “active defense,” said Deputy Defense Secretary William Lynn Tuesday.
Sign up for a free preview to unlock the rest of this article
Timely, relevant coverage of court proceedings and agency rulings involving tariffs, classification, valuation, origin and antidumping and countervailing duties. Each day, Trade Law Daily subscribers receive a daily headline email, in-depth PDF edition and access to all relevant documents via our trade law source document library and website.
The “technology and know-how” aren’t the problem, Lynn said in an RSA Conference keynote: They're in hand. In a separate conference appearance, White House cyber coordinator Howard Schmidt said in passing that DOD and the Department of Homeland Security are looking into information-sharing to make sure that business gets heads ups from law enforcement and intelligence agencies to protect its systems. Schmidt also said the administration is completing work on its international strategy for cyber security, to ensure that the Internet is open, interoperable, secure and reliable.
The use of active defense is a prong of DOD’s coming Cyber 3.0 strategy, which is in the “final stages” of work, Lynn said. The department’s networks are equipped with sensors, software and signatures to prevent attacks and to hunt down and “cordon and deflect malicious software,” he said. Another theme of the strategy is that military resources are available, through a partnership with DHS, to help protect civilian government networks and private systems, such as for the power grid and financial institutions, that DOD depends on, Lynn said. “Cyber 3.0 is an important milestone for our department,” he said. “The most dangerous cyber threat” it sees is one that’s “just emerging,” Lynn said: Attacks that cause “destruction … actual physical damage."
Lynn announced expansion of the Information Technology Exchange Program. A pilot that’s starting “will allow for the exchange of IT and cyber security personnel between government and industry,” he said. “We want senior IT managers in the Department to incorporate more commercial practices. And we want seasoned industry professionals to experience first-hand the unique challenges we face at DoD.” He said the program can help the Pentagon, which takes “81 months to field a new computer system,” more faster to adopt cyber technologies.
Lynn also announced “a program to better utilize cyber expertise within the National Guard and Reserve. … Our Department has many soldiers, sailors, airman, and marines who work in the civilian IT world, and who continue to serve their country in the National Guard or Reserves. To make better and more systematic use of their specialized skills, we will increase the number of Guard and Reserve units that have a dedicated cyber mission.”