据美国国会网络日光浴室委员会的一位领导人说,五角大楼必须能够在国防公司的私人网络上搜寻网络威胁,以加强国家网络安全。
美国国会网络日光浴室委员会的共同主席迈克·加拉格尔(Mike Gallagher),在众议院武装部队情报与新兴威胁与能力小组委员会的证词中说,这些网络必须具有更大的可见性,其中敏感信息和机密信息要多得多。
“我认为报告中最大的发现之一是,尽管我们对自己的系统有了更好的认识,但我们的某些国防部承包商,分包商以及与大型公司合作的所有小型公司与国防部合作仍处于低水平。这有私人网络没有我们所需要的威胁图和网络安全可见性,”他7月30日说。
“我只是争辩说,我们需要弄清楚这一点,因为事实发生之后,我们无法对网络入侵做出反应。我们必须更快地确定这些威胁,以便我们的对手可以在网络上爆发。”
网络日光浴室委员会是一个两党组织,于2019年成立,旨在制定多管齐下的美国网络战略。该委员会在三月份发布的报告中建议国会要求国防工业基地参与威胁情报共享计划并在其网络上进行威胁搜寻。
报告指出:“改善对DIB(国防工业基地)的敌对网络威胁的检测和缓解,对于确保关键的军事系统和职能具有弹性并且可以在危机和冲突时期使用是至关重要的。”
中国被指控从国防公司的网络中窃取大量数据,包括F-35战斗机计划和美国海军计划的敏感数据。该委员会的报告建议,威胁搜寻计划应包括美国国防部在DIB网络上进行的威胁评估计划;鼓励公司将从威胁搜寻中收集的数据提供给国防部和国家安全局的网络安全局;并与国土安全部和FBI协调国防部的工作。
美国国会呼吁在今年的国防授权法案中建立一种威胁共享模型。在参议院的版本包括一个提供直接国防部长建立威胁情报“共享威胁情报与和获得的国防工业基础的威胁的情报。”
Pentagon needs access to defense companies’ networks to hunt cyberthreats, says commission
WASHINGTON — The Pentagon must be able to hunt cyberthreats on the private networks of defense companies in order to strengthen national cybersecurity, according to one of the leaders of the Cyber Solarium Commission.
Rep. Mike Gallagher, R-Wis., who co-chairs the commission, said in testimony before the House Armed Services Subcommittee on Intelligence and Emerging Threats and Capabilities that there must be greater visibility of these networks, in which much sensitive and classified information is kept.
“I think one of our biggest findings in the report was that while we are getting a better awareness of our own systems, we still — down to the level of some of our DoD contractors, subcontractors, all the small companies that work with the big defense primes — don’t have the level of visibility on the threat picture and the security of their networks that we need,” he said July 30.
“I just would argue that we need to figure that piece out because we just can’t be in the process of reacting to cyber intrusions after the fact. We have to identify those threats at a quicker timeline at which our adversaries can break out on networks.”
The Cyber Solarium Commission is a bipartisan organization created in the 2019 to develop a multipronged U.S. cyber strategy. The commission’s report, released in March, recommended Congress require the defense industrial base participate in threat intelligence sharing programs and threat hunting on their networks.
“Improving the detection and mitigation of adversary cyber threats to the DIB [defense industrial base] is imperative to ensuring that key military systems and functions are resilient and can be employed during times of crisis and conflict,” the report stated.
China has been accused of pilfering reams of data from the networks of defense companies, including plans for the F-35 fighter jet and sensitive data on U.S. Navy programs that, while not classified by themselves, can collectively provide vast strategic insight into Navy plans and operations, officials claim.
Know all the coolest acronyms
The commission’s report recommended that a threat-hunting program include Department of Defense threat assessment programs on DIB networks; incentives for companies to feed data collected from threat hunting to the DoD and the National Security Agency’s cybersecurity directorate; and coordination of DoD efforts with the Department of Homeland Security and the FBI.
Congress is calling for the creation of a threat-sharing model in this year’s defense authorization bill. The Senate’s version includes a provision to direct the defense secretary to establish a threat intelligence program “to share threat intelligence with, and obtain threat intelligence from, the defense industrial base.”
声明:本文来自网电空间战,版权归作者所有。文章内容仅代表作者独立观点,不代表安全内参立场,转载目的在于传递更多信息。如有侵权,请联系 anquanneican@163.com。
