The Internet can be a downright scary place sometimes, but the Pentagon has been keeping an eye on several major sources of cyber threats. To get that information better distributed, the Pentagon is in turn offering up a program that disseminates that information to a series of companies, who can then repackage that information as a security service for sale to other companies.
Under the plan – dubbed Defense Industrial Base Enhanced Cybersecurity Service – the Pentagon first sends the classified threat information to the Department of Homeland Security, which subsequently takes said information and routes it to the companies approved to receive said information. When the approved companies get their hands on that information, they can then add it to their own bundles and resell it to other companies as a kind of security protection service.
The basic idea, according to the deputy assistant secretary of defense for cyber policy, Eric Rosenbach, is to take information that "...isn't available in the public domain and give it to the private sector and rely on their ability to innovate, push and market." Naturally, several companies are interested in the program, including Lockheed, CenturyLink and AT&T (News - Alert), as well as several others who are currently being considered.
This particular move to offer classified information via a larger market grew out of legislation originally started last November, in which Congress was out to require companies to voluntarily adopt certain security standards. More information sharing was also on tap as part of the legislation, which was defeated, but seems to have made a resurgence under a different form.
It's set to not only offer a better idea of what threats are out there, but also how to defend against said threats, as companies will be able to take advantage of – and ultimately disseminate – large portions of information about threats that only the Pentagon really has access to. On certain levels, this program actually started four years prior, when the Pentagon was engaging in sharing unclassified data with certain defense contractors.
While the idea of protecting against cyber threats is a good one, it's not hard to look askance at the method in question. If the Pentagon is looking to hand out information, why not simply hand it out to everyone who wants it, as opposed to handing it out free to a handful of companies who then offer it for sale?
Also, what is the taxpayer's cut in all this? After all, surely taxpayer dollars were spent in the gathering of this information, so surely, the taxpayer has an interest in what is done with said information –especially if it is to be sold at a profit by companies who got it for nothing. Of course, the companies pay taxes as well, which could have been at least part of the dollars going into the equation. Therefore, it could be that they're seeing a return on their investment – something more taxpayers would no doubt like to see.
The program is likely to leave bad tastes in at least a few mouths out there, despite the importance of cybersecurity in our collective way of life. Only time will tell just how well it will ultimately work, seeing how it’s always hard to chide a program that works.