U.S. to Protect Private Sector from Secret Software Attacks
The U.S. government will use classified information about software vulnerabilities for the first time to protect companies outside of the military industrial complex.
Secretary of Homeland Security Janet Napolitano said that a system being developed to scan Internet traffic headed toward critical businesses would block attacks on software programs that the general population does not realize are possible, according to Reuters.
"It is a way to share information about known vulnerabilities that may not be commonly available," Napolitano said at the Reuters Cybersecurity Summit in Washington, D.C.
The information would come from "a variety of sources" including intelligence agencies, Reuters said.
The plan is to discreetly share the data through what the government calls Enhanced Cybersecurity Services. Under a February presidential order, those services will be offered by telecommunications and defense companies to utilities, banks and other critical infrastructure companies that choose to pay for them.
Napolitano's Department of Homeland Security will take the information from the NSA and other sources, and relay it to service providers with security clearances. The service providers would then use these "attack signatures" - such as Internet routing data and content associated with known adversary groups - to screen out malicious traffic.
While U.S. intelligence agencies have at times warned software manufacturers, such as Microsoft Corp and Google Inc, or Homeland Security officials of specific, Michael Daniel, the White House cybersecurity policy coordinator, told the Summit the Enhanced Cybersecurity Services program was still evolving and the type of information shared would change as threats do, Reuters said.
"We want to use the full capabilities that we have to protect as much of the critical infrastructure as we can with that program," he said.