The Pentagon's effort to exchange data about cyber threats with defense contractors -- dubbed the Defense Industrial Base (DIB) program -- has actually been losing participants since it was expanded to include the Department of Homeland Security, according to Rep. Mike Rogers (R-Mich.).
"They gave DHS responsibility to [expand] from the 20 in the DIB pilot, the 20 original companies working through the Department of Defense whose mission it was to kind of get this information-sharing thing up and running to see if we could actually do it and if it was scalable," said Rogers during a speech yesterday at the U.S. Chamber of Commerce, where he questioned DHS's ability to be the lead federal agency in defending privately owned critical infrastructure from cyber attack.
"The president said about a year ago that we want to have a thousand companies engaged in the DIB pilot. That was about a year ago. This oughta say everything we need to know . . . guess how many companies we have participating?" asked Rogers. "I'll tell you: less than 20. We've lost somewhere between five and seven companies, no gains, no effort to get more people involved."
Rogers' comments come on the heels of assertions by several Pentagon officials who say that companies are lining up to join the program that was expanded out of pilot mode last spring.
"If you're a Defense Department contractor with a facility clearance, we want to share classified threat information with you," Richard Hale, the Pentagon's deputy chief information officer for cyber said on Sept. 27 of DoD's efforts to expand the program with DHS. "It's a voluntary program. We'll share with you, you share with us. We also have a second part of that program that allows you to get security services from a service provider that's getting classified information and using it to protect you."
"We're teamed closely with [the Department of Homeland Security] to see if DHS can expand this model out to other critical infrastructure," added Hale.
Hale's comments echoed those of his boss, DoD's chief information officer, Teri Takai.
"We've got a queue of companies that are interested in joining, we've got other federal agencies that are interested in coming aboard, and we've got other federal agencies that are interested in either using our program or creating a similar program," said Takai while discussing the program with Killer Apps in early September.
Rogers made his criticisms during the same speech in which he claimed that a newfound cyber threat may prompt lawmakers to consider passing legislation that would allow private companies to quickly share information about cyber threats with the federal government without fear of being sued for misusing U.S. citizens' private information. Numerous pieces of legislation aimed at allowing the government and private sector to quickly share information (including Rogers' CISPA) about cyber threats were defeated in the last year amid protest from a range of privacy advocates
DoD tells Killer Apps it is looking into Rogers' comments, with one spokesman saying, "This is the first I'm hearing that the DIB program is struggling for members."