Cyber Defense Effort Is Mixed, Study Finds

A Pentagon pilot program that shields the computer networks of defense contractors using classified U.S. National Security Agency (NSA) data succeeded in some respects and came up short in others, according to a Carnegie Mellon University study.

The initiative demonstrated that Internet carriers were trustworthy in their handling of the NSA data, that direct monitoring of private networks by the government could be unnecessary, and that the measures could be especially advantageous to firms whose cyberdefense capabilities are at a less mature level.

The Defense Industrial Base cyber pilot enlisted Internet carriers to sift through companies' incoming email for malware using classified NSA malware signatures for the purpose of testing two strategies--quarantining malevolent emails and redirecting outbound traffic headed for suspicious Web sites. Although the first approach was rated as effective, the second yielded large numbers of false positives reported by participating companies.

The researchers recommend that the pilot be expanded to a wider, more variegated array of defense firms, and that the U.S. Department of Homeland Security (DHS) assume a greater participatory role. The study's results prompted the Obama Administration to continue the program and make DHS overseer of the relationship with the Internet carriers.

From Washington Post
View Full Article

Abstracts Copyright © 2012 Information Inc. , Bethesda, Maryland, USA