The pilot program was launched to test the effects of sharing classified information with defense contractors and their communications providers.
The original pilot program included 17 defense companies, including Northrop Grumman, Verizon, CenturyLink, AT&T, Raytheon and Lockheed Martin. Internet carriers filtered incoming email for malicious software using NSA signatures, the Post reported. Incoming malicious emails were quarantined and those sent to bad sites were redirected.
The Post reported that of the 52 detected cases of malicious activity, two were a result of NSA threat data and not data the companies already had.
A study by Carnegie Mellon University and the Pentagon found that the government monitoring private networks could be beneficial to companies with less advanced cyber defense capabilities and that Internet carriers can be trusted with NSA data, the Post reported.
“There is no silver bullet in cybersecurity,” said Rep. James Langevin (D-R.I.), co-founder of the Congressional Cybersecurity Caucus, according to the Post. “Signature-based defenses alone will never be enough to secure our critical infrastructure.”
Now, those in charge of the Joint Cybersecurity Services Pilot want to “build upon the DIB Opt-In Pilot and allow DHS, through the National Cyber Security Division U.S. Computer Emergency Readiness Team, to share indicators and other information about known or suspected cyber threats,” according to the DHS notice.
DHS will take the leadership role and the Pentagon will act as the communication liaison, working directly with contractors. According to the DHS privacy notice, data will only be exchanged among communications companies and DHS personnel with specific clearances.
“This format allows DHS to strengthen the information sharing effort and potentially expand it to other areas of critical infrastructure,” Langevin said in a statement, according to NextGov.