The Department of Defense (DoD) Cyber Crime Center (DC3) and the National Defense Information Sharing and Analysis Center (ND-ISAC) have entered into a Cooperative Research and Development Agreement (CRADA) to explore new processes between DoD and ND-ISAC, to develop better methods to combat cyber threats to the Defense Industrial Base (DIB).
As explained by DC3’s DoD-DIB Collaborative Information Sharing Environment (DCISE) Director, Krystal Covey: “This agreement allows us to focus on developing more effective products and methods to share timely cyber threat information and enhance cybersecurity within the DIB.”
One of the CRADA’s main goals is to enhance public-private data sharing and analytical collaboration related to cyber security, expand communications channels, and to enable the parties to meet and to coordinate on cybersecurity threats and mitigation issues. For example, the CRADA facilitates generating short-notice conference calls to discuss threats that concern DC3/DCISE and ND-ISAC’s DIB company analysts.
“The cyber threat landscape is always evolving, so engaging with non-federal partners to collaborate analytically allows for enhanced defense against new tactics, techniques, and procedures (TTPs) employed by adversaries. A partnership between ND-ISAC and DC3/DCISE makes sense because the collaboration should result in a more comprehensive threat picture (of cyber threats relating to the DIB) for both organizations,” said Covey.
Currently, the CRADA enables DC3 analysts and ND-ISAC member company analysts to share research and development related information via live chat, in real time, using processes and platforms hosted by ND-ISAC. The organizations are also exchanging threat intelligence and threat-warning documents as their respective release and distribution rules allow.
Steve Shirley, ND-ISAC Executive Director observed, “Cyber threat data sharing between the USG (US Government) and private sector isn’t unusual today. But the CRADA, as a research vehicle, allows us to test and validate certain approaches in a context that is beneficial to ND-ISAC, our member companies, and to DC3.”