Yesterday the Office of Management and Budget (OMB)
announced that the Department of Defense submitted their final rule for the Defense
Industrial Base (DIB) Cyber Security/Information Assurance (CS/IA) Activities.
The interim final rule on this program was published
last year and apparently DOD takes seriously their responsibility for
actually finishing the rule making process.
Last year I described the proposed program this way:
This program is based upon the
realization that both sides have unique sorts of cybersecurity information that
will have value for the other side if the information were to be shared.
Because of its extensive intelligence collection and analysis capabilities DOD
is likely to have information about cybersecurity threats (capabilities,
techniques, intentions and other actual attacks) that could be used by DIB
entities to protect their cybersecurity systems. DIB entities would have
details about intrusions and attempted intrusions on their systems (attack
vectors, methodologies, information targeted and information compromised) that
DOD could use to assess the extent that DOD unclassified information has been
compromised and to extend the analysis of cybersecurity threats to DOD/DIB systems.
Of course, the same could be said about DHS and critical
infrastructure organizations. Maybe this will be one of the things that comes
out of the development of the Cybersecurity Framework.
There are no details available on how the submitted final
rule will change the interim rule. We will just have to wait and see. It could
take months for OMB to approve this for publication.
No comments:
Post a Comment