* Clearing house expected to involve about 1,000 at first
* U.S. companies' trade secrets said increasingly under
* China, Russia alleged to be behind much of cyber threat to
By Jim Wolf
WASHINGTON, May 14 Up to 8,000 companies doing
business with the Pentagon may be qualified to join a newly
expanded U.S. effort to guard sensitive information on private
networks, a senior Defense Department official said Monday.
The Pentagon on Friday invited all of its eligible
contractors to join the voluntary pact aimed at fighting what
U.S. officials have described as growing cyber threats that
allegedly originate, above all, in Russia and China.
The Defense Department will provide intelligence-derived
information on malicious Internet traffic to the companies; the
firms are to share information on any cyber penetrations of
their networks with the government.
"We think there are as many as 8,000 that are already
cleared and could be participants in the program," Richard Hale,
the department's deputy chief information officer, said in a
Perhaps 1,000 companies are expected to take part in the
permanent new program initially and if it grows beyond this, "We
would be pleased," he said.
The trial program began in 2007 and had been capped until
last week at 36 participants. Of the three dozen, 17 had opted
for an enhanced effort, begun about a year ago, under which
their Internet service providers scanned their incoming traffic
based on information provided by the National Security Agency,
the communications-intercepting Pentagon arm.
Eric Rosenbach, deputy assistant secretary of defense for
cyber policy, said companies that make up the so-called defense
industrial base had been under "unrelenting attack from
sophisticated actors trying to steal intellectual property and
The service was not intended as a "silver bullet" to thwart
cyber threats but a promising link of public and private
interests, he said. He added that it could be readily scaled to
help guard crucial U.S. infrastructure - power grids, financial
networks, transportation services - if a decision to do so were
made by the White House.
Three Internet service providers currently are providing
filtering and remediation services using specialized
intelligence on a pay-for-service basis, Rosenbach told the
He declined to name the trio, citing what he called their
preference in the matter. The intelligence information involved
was relayed by the Defense Department to the Department of
Homeland Security, which is responsible for dealing with the
service providers, Rosenbach said.
Verizon Communications Inc is participating, Richard
Young, a company spokesman, said by email. AT&T Inc and
CenturyLink Inc - the two others widely reported to
round out the group - did not return requests for comment.
Rosenbach said no "personally identifiable information" was
being passed back to the government by the providers of the
enhanced cybersecurity service.
The basic service is a kind of alert to cyber threats and
suggestions for remedying them. To be eligible, a company must
be cleared by the Pentagon to store classified information on
its networks and premises up to at least the "Secret" level.
Privacy and civil liberties had been front and center during
development of the program, reviewed by the Justice Department
and by privacy experts within the U.S. government, Rosenbach
The cyber threat to U.S. aerospace, defense and other
high-technology companies is increasing at "a rapid and
accelerating rate," Rear Admiral Samuel Cox, director of
intelligence for the military's Cyber Command, told a conference
The Office of the National CounterIntelligence Executive, a
U.S. intelligence arm, said in an unclassified report to
Congress in October that China and Russia were in the forefront
of keyboard-launched theft of U.S. trade and technology secrets.