Against the background of international geopolitical tensions US government agencies worry about the potential for cyber incidents to target US companies . In anticipation of this the Department of Homeland Security’s Cyber and Infrastructure Security Agency (CISA) and the Department of Defense (DoD) teamed up to get the word to all companies doing business with the DoD to tighten up their cybersecurity. On Monday (February 14) DoD officials reinforced a CISA advisory entitled, “Shields Up” (link: www.cisa.gov/shields-up). DoD officials also identified three cybersecurity resources for companies doing business with the DoD: the DoD Cyber Crime Center (DC3), the National Security Agency (NSA), and the National Defense Information Sharing and Analysis Center (ND-ISAC).
Steve Shirley, ND-ISAC Executive Director said, “Preparing in advance for cybersecurity incidents is sound advice for ALL companies; in fact it should be a core concern.” Shirley noted, “We appreciate being named as a trusted resource. In fact, for nearly 20 years ND-ISAC has focused on delivering secure threat sharing and processes for developing cybersecurity technical solutions to companies doing business with the DoD plus companies who are key interdependencies and partners.” The latter, he explained, included companies which may have primary lines of business in the Finance, Health, Energy, Information Technology, Telecommunications, and Chemical critical infrastructure sectors. Shirley provided the message DoD developed for companies in a contractual relationship with DoD:
[Begin DoD] Due to increasing geopolitical tensions, the Department of Homeland Security’s (DHS) Cyber and Infrastructure Security Agency (CISA) has issued a “Shields Up” advisory (www.cisa.gov/shields-up). The Defense Industrial Base is one of 16 official United States critical infrastructure sectors. Like the other critical infrastructure sectors’ leaders, we’re reaching out to encourage you to do three things.
- Heed the advisory.
- Report Cyber Incidents.DFARS 252.204-7012 stipulates a contractor’s requirement to rapidly report cyber incidents impacting Covered Defense Information (CDI) and/or the ability to perform operationally critical support within 72 hours of discovery to https://dibnet.dod.mil. For questions or more information, contact DCISE (DC3.DCISE@us.af.mil or call the 24/7 Hotline at 1-877-838-2174).
- Get Assistance and Partner. These three organizations can assist you.
- DoD Cyber Crime Center’s (DC3) DoD- Defense Industrial Base Collaboration Information Sharing Environment (DCISE) – www.dc3.mil; DC3.DCISE@us.af.mil; 24/7 Hotline – 1-877-838-2174
- National Security Agency’s Cybersecurity Collaboration Center (CCC) — https://www.nsa.gov/About/Cybersecurity-Collaboration-Center
- National Defense Information Sharing and Analysis Center (ND-ISAC) – ND-ISAC is the official ISAC for the DIB Critical Infrastructure Sector recognized by DoD and DHS. The ND-ISAC is a private sector self-organized and self-governing entity; it is a trusted partner providing exceptional technical solutions and support to its members. Please email Info@NDISAC.org to contact the team or see ND-ISAC’s public facing website at www.ndisac.org.