Cyber Security: Why Aren’t Public Companies Using Military Security?
This post is also available in: 
עברית (Hebrew)
Have you ever stopped to think why defense companies have a classified network to prevent cyber attack, whereas companies handling our critical systems – electricity, gas or water – don’t? It’s rather a curious situation if you think about it. Why aren’t electric companies using the same classified network thus ensuring the power supply in times of peace as well as times of war?
U.S. senators are soon to begin legislation meant, among other things, to make it easier for companies to share information regarding cyber security with each other and with the government. However, the Cyber Security Sharing Act is still uncertain, as it is getting a lot of criticism stemming from privacy and civil rights concerns. Furthermore, many previous attempts to address the matter have failed to reach the president’s desk.
When unclassified e-mail servers of the Joint Chiefs of Staff were recently hacked, the ability to communicate securely on classified networks kept Pentagon operations moving. Cyber incident response teams managing the breach could communicate with the intelligence community, law enforcement, and other parts of the Pentagon without the alleged Russian attackers listening in. We all know what would have happened had a private company been attacks by the same attackers.
Today companies in the defense industry, such as Lockheed Martin, Boeing and others, have access to such cyber defense capabilities. The companies use a seperate, classified network called DIBNET to share classified information in a secure fashion with each other as with the U.S. Department of Defense.
Cyber security is usually thought of as a partnership between the government and the private sector. For that partnership to be fully realized, private companies bearing the costs of defending themselves against nation-state adversaries like China and Russia must be allowed access to the same networks and same information that federal agencies use to prevent and respond to cyberattacks.
It’s a shame these steps are too late, but we should hope that congress succeeds in passing the legislation in the coming months.
