The Defense Department could receive $30 million in fiscal 2011 to set up cybersecurity pilot projects, including one that would test a government-sponsored cybersecurity regime for the defense industrial base.

The Senate Armed Services Committee markup of the fiscal 2011 national defense authorization bill calls for four cybersecurity pilot programs, all to be done in coordination with the Homeland Security Department.

The industrial base cybersecurity pilot would investigate whether an outsourced managed service could combine intelligence feeds from government and commercial sources, engage in intrusion detection and prevention and automatically report to Defense network and security operations centers. 

The pilot "could provide a model for defending other privately owned critical infrastructure, as well as federal departments and agencies," committee authorizers wrote in the bill's accompanying report.

Another pilot would support creation of a consortium of commercial telecom and Internet service provider firms that would share attack warning and response capability among themselves.

"The committee is aware that there are significant legal and policy issues that would need to be carefully worked through, including possible anti-trust concerns and legal restrictions on the sharing of the content of communications with the government, even if that content is malicious software," authorizers wrote.

Both the industrial base cybersecurity regime and the consortium pilots could be integrated into the DHS Einstein 3 program, authorizers also wrote.

The other two pilots involve Defense acquisition. One would test processes permitting the DoD to rapidly acquire operational or technical cyber capabilities from the private sector and to incentivize commercial investments in technology and capabilities. The other would support creation of uniform Defense evaluation criteria for cybersecurity products and services.

In the report, authorizers wrote that they strongly support the pilot projects. "The committee is heartened that the administration is finally recognizing the enormous potential role for the private sector in cybersecurity," they wrote.

For more:
- see THOMAS page for S.3454 (includes link to the accompanying report), or go directly to the full text

Related Articles:
SASC orders DoD cybersecurity changes in authorization bill
DoD could defend critical private sector infrastructure from cyber attack
Is the threat of cyber war exaggerated?
House bill could reform DoD IT acquisition