DOD should take lead on cyber info sharing: panel

To protect the nation’s critical infrastructure against potential cyber-borne threats, the federal government is building up programs that fortify research, development and education. Government agencies are also pursuing key partnerships that further steel against the threat, according to a panel of federal officials who spoke July 15 at the AFCEA Cybersecurity Symposium in Washington, D.C..

However, all of those components of cybersecurity hinge on one vital aspect that has long troubled the government: information sharing.

It’s an issue that will need to be transcended to properly protect the nation’s critical infrastructure, and it will require cooperation across many agencies, the panelists said.

“The resources we are all trying to protect are distributed. The threat we are trying to protect against is distributed, and it’s global. Our response has to be distributed as well,” said Martha Stansell-Gamm, former chief, computer crime and intellectual property section, Justice Department.

She said that with its wealth of communications and technology resources, DOD is uniquely qualified to lead the cross-agency, information-sharing charge.

“DOD is perfectly situated…it can match its extensive human network with its extensive technological network,” Stansell-Gamm said.

She added that the effort would benefit from some type of map that organizes agencies by function, rather than by physical location or other traditional classifications and would help users quickly find people and capabilities according to what each office does.

Air Force Col. Michel Ellert-Beck, director of the U.S. Cyber Command's Joint Intelligence Operations Center, acknowledged the struggle in information sharing between agencies and departments, but stressed that it’s something that is being actively worked on.

“A lot of effort is being made with key partners, but there are also disconnects in information sharing…[including] with regard to Title 10,” which governs the roles, missions and organization of the military services and broader DOD, Ellert-Beck said.

Beyond information sharing, awareness, formal education, workforce structure, training and professional development are all essential to building up critical infrastructure defenses. Those aspects are the main tenets of one program under way at the Homeland Security Department, according to Doug Maughan, cybersecurity division director of the Homeland Security Advanced Research Agency within the science and technology directorate at DHS.

The hope is that these types of programs will help ingrain collaboration and the exchange of information in order to protect critical U.S. assets, the panelists suggested, but all conceded there are challenges ahead.

“We haven’t succeeded in institutionalizing [information sharing],” Stansell-Gamm said. “Right now we’re kind of like bumper cars…but what we really need is a hub and spokes.”