12 May 2014

DoD, private sector collaborate on cybersecurity best practices

by ADAM STONE
May 7, 2014 


John Pellegrino manages the Cyber Security Alliance, which focuses on cybersecurity best practices. 

At the U.S. Army Research Laboratory, John Pellegrino sees no reason to go it alone. In the sprawling, shifting world of cybersecurity, he’ll take all of the friends he can get.

“We are all looking at cyberprotection together to come up with some fundamentals that will hopefully help us to make our networks more robust,” said Pellegrino, who manages the lab’s Cyber Security Research Alliance, which brings together military, academia and industry in an effort to share best practices.

Army knows the need, universities know the science, and private-sector information technology brings it together.

“We are not a production house, that is something industry is capable of doing at scale,” he said. “So industry is really our partner in taking it home, in putting it into practice.”

The Defense Department told Congress its Cyber Command needs $5.1 billion for fiscal 2015. With cyber threats evolving at a rapid clip, it serves the military well to tap into private-sector best practices as early and as often as possible. A range of collaborative efforts have been put into place so Defense can keep its finger on the pulse, and industry can show off its most promising new ideas.

In a Silicon Valley venture capital shop, Dwayne Melancon recently got together with a dozen cybersecurity leaders to brief the military brass on emerging security threats and solutions.

“We talked a lot about other projects, how we have implemented on what kinds of systems,” said Melancon, chief technology officer at IT security software firm Tripwire. “They are not looking for a specific product. They are looking for other industries that are facing similar problems. They want to look at what is happening outside their own world.”

Military leaders are frequently inviting private-sector chiefs for informal talks. At Melancon’s most recent meeting, he said he got about 45 minutes to present.

“When they do that, you get higher-level participation from the agency, where if you set up a meeting on your own, it can be hard to get to a decision-maker or someone who is in charge of strategy,” he said.

No comments: