U.S. Department of Homeland Security (DHS) employees work on the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) operational watch floor where they monitor, track, and investigate cyber incidents in this handout photo taken October 29, 2009 at the Idaho National Laboratory in Idaho Falls, Idaho. (Reuters)

Faced with a growing threat from hacking and other cyber crimes, the U.S. Department of Defense (DOD) and Department of Homeland Security (DHS) have joined hands with leading ISPs and private defense contractors to launch a pilot program called DIB Cyber Pilot that will help strengthen their network defenses.

Deputy Secretary of Defense William J. Lynn, in his address at the 28th Annual International Workshop on Global Security, told the audience in Paris that the move was prompted by the growing cyber threat and the dangers they face every day.

Lynn said the U.S. government has not forgotten the 2008 cyber attack. "[F]or all the military capability that information technology enables, it also introduces vulnerabilities. We learned this lesson in 2008 when a foreign intelligence agency used a thumb drive to penetrate our classified computer systems—something we thought was impossible. It was our worst fear: a rogue program operating silently on our system, poised to deliver operational plans into the hands of an enemy."

"Moreover, the threat continues to grow, posing new dangers to our security that far exceed the 2008 breach of our classified systems," Lynn said.

Lynn said the cyber defense program, which was started last month, does not involve monitoring, intercepting, or storing any private sector communications by the DOD and DHS. It only shares the DOD's classified threat intelligence with defense contractors and their private Internet service providers (ISPs), along with the know-how to employ it in network defense.

"The threat intelligence provided by the government is helping the companies themselves, or the Internet-service providers working on their behalf, to identify and stop malicious activity within their networks," Lynn said. The ISPs include AT&T, Verizon, and CenturyLink while the defense contractors include Lockheed Martin, CSC, SAIC and Northrop Grumman, according to the Washington Post.

This is not the first time the U.S. government has collaborated with private companies to strengthen their network defense. Through one pilot program launched last year, the DHS shares threat intelligence information with some private-sector CIOs and cyber security officers to help them protect their networks. However, the program has struggled to achieve the right balance and to disseminate information in a way that satisfies all stakeholders. The new pilot program breaks new ground on several fronts, Lynn said.

"By establishing a lawful and effective framework for the government to help operators of one critical infrastructure sector defend their networks, we hope the DIB Cyber Pilot can be the beginning of something bigger," Lynn said. "It could serve as a model that can be transported to other critical infrastructure sectors, under the leadership of the Department of Homeland Security."

Lynn has classified the hack attacks into three categories:

[1] Suspected government-backed hacks of military and private sector networks: Examples are security breaches that were possibly backed by government agencies at the International Monetary Fund (IMF), Lockheed Martin, Google, NASDAQ, and Citibank. The French Finance Ministry and European Commission had also suffered major intrusions in recent months, Lynn said.

[2] Crude but disruptive attacks on networks from hacking groups such as Anonymous and LulzSec: Examples are distributed denial of service (DDoS) attacks in recent years on the governments of Estonia and Georgia and companies like PayPal and eBay. In recent months Sega, Sony, Nintendo, Bethesda, PBS and Fox.com as well as the US Senate, the CIA, and FBI were also attacked.

[3] Destructive attacks targeting critical infrastructure and military networks: These are the most dangerous cyber threat, according to Lynn, as they seek to destroy the functionality of weapons systems and critical infrastructure such as the networked IT that prevents nuclear meltdowns or manages sewage treatment.

The first form of cyber attack, Lynn said, does not have the dramatic impact of a conventional military attack but in the long term it has a corrosive effect that in some ways is more damaging.

"It blunts our edge in military technology and saps our competitiveness in the global economy," he said.

The second form of cyber attack is carried out by loosely organized hacking groups pursuing independent political goals or even simply engaging in wanton acts of destruction for their own amusement and satisfaction.

"The disruptive attacks we have seen are relatively unsophisticated in nature, largely reversible, and short in duration," Lynn said. "But in the future, more capable adversaries could potentially immobilize networks on an even wider scale, for longer periods of time."

Though Lynn did not cite any example of the third form of cyber attack, one cannot forget the zero-day attack that took place last year. The Stuxnet worm, which used a Microsoft Windows Shortcut LNK/PIF vulnerability and other zero-day exploits to target Siemens supervisory control and data acquisition (SCADA) systems, snarled Iran's power facility at Bushehr. In April this year, another worm called Stars caused havoc on Iran's nuclear power plant.

Some believe that the Stuxnet worm originated in the U.S. or Israel and was possibly made by a government agency.