Key Takeaways
- The Department of Defense’s Defense Industrial Base (DIB) Cybersecurity Program, managed by the DC3, is expanding partnership agreements to include non‑cleared contractors who handle controlled unclassified or other sensitive information.
- The expansion is driven by rising nation‑state, ransomware, and supply‑chain threats that target the DIB because adversaries seek defense‑related data that may be more accessible through industrial partners than through direct military networks.
- Recent policy changes (2024 rule amendment) removed the facility‑clearance requirement; a strategic pause in 2025 allowed realignment with new administration guidance, and the program is now accepting new members again.
- Participation involves signing a framework agreement, obtaining a medium‑assurance certificate (required under DFARS 252.204-7012), and sharing threat data voluntarily; the government protects contributors’ anonymity unless they consent to attribution.
- Partners receive unique cyber‑defensive intelligence (≈95 % not available elsewhere), access to services such as the Vulnerability Disclosure Program and DCISE Cubed firewall‑log analysis, and opportunities for face‑to‑face collaboration at semi‑annual technical exchanges and regional partner events.
- There is no imposed cap on the number of participating companies; the program is designed to scale, with particular encouragement for small‑ and medium‑sized businesses that may lack robust internal security resources.
- Information exchanged with the DIB program is coordinated with CISA: relevant data is passed to CISA for broader critical‑infrastructure dissemination, and CISA feeds back DIB‑pertinent intelligence, creating a partnership‑of‑partnerships model.
- Interested contractors can learn more at dc3.mil or by emailing [email protected].
Overview of Partnership Expansion
Terry Gerton opened the discussion by noting that the Pentagon’s historic investment in cyber defenses is now being complemented by a newer initiative that places industry partnership at the core of engagement through the Defense Cyber Crime Center (DC3). He asked why the current moment is ideal for widening those partnership agreements. Terry Kalka responded that the existing information‑sharing arrangements with industry are essential for obtaining cyber‑threat data that commercial sources cannot provide. As the Department of Defense seeks to fortify its “arsenal of freedom,” extending the partnership across the entire defense industrial base to the fullest extent possible has become a strategic priority.
Motivating Threats
When asked to describe the threats prompting this heightened concern, Kalka explained that publicly reported incidents affecting industry and critical infrastructure show that the DIB is not immune. Nation‑state actors from primary competitors, as well as financially motivated ransomware groups, actively target defense contractors. Because contractors often store or process sensitive, unclassified information—sometimes even data that properly belongs to the Department of War—adversaries may find it easier to infiltrate the industrial supply chain than to breach direct military networks. Consequently, protecting the supply chain is viewed as a vital component of overall defense resilience.
Changes to the Program
Gerton inquired about the practical implications of the recent announcement that opens the DIB Cybersecurity Program to new partners. Kalka outlined two key developments. First, a 2024 amendment to the federal rule governing the program eliminated the requirement for a facility or personnel clearance, allowing non‑cleared defense contractors that handle controlled unclassified information (CUI) or other sensitive data to join. Second, a strategic pause in 2025 enabled the program to realign with new administration directives; the pause has now ended, and the program is accepting new members again. The program, which began in 2008 with roughly 16 cleared contractors, has grown to well over 1,000 participants and continues to evolve.
Comparison with CISA Collaboration
Regarding how the DC3‑managed collaboration space relates to groups overseen by the Cybersecurity and Infrastructure Security Agency (CISA), Kalka described a complementary relationship. The Department of War serves as the sector risk management agency for the DIB, while CISA fulfills that role for about half of the other 16 critical‑infrastructure sectors and provides a central coordinating function. Information deemed relevant to other sectors is passed to CISA, and CISA returns DIB‑pertinent intelligence. This creates a partnership‑of‑partnerships model where each agency leverages the other’s reach and expertise while maintaining sector‑specific focus.
Eligibility and Requirements
When asked what a contractor considering participation needs to know, Kalka clarified that the primary eligibility criterion is holding a contract with the Department of War and processing controlled unclassified information or other sensitive data. Participants must obtain a medium‑assurance certificate, which is already mandated under DFARS 252.204-7012 and enables encrypted email communication with the government. In addition, partners sign an eight‑page framework agreement that defines the partnership’s terms: they receive government‑furnished information, agree not to redistribute it beyond the partnership, and may voluntarily share threat indicators. Any shared data is used to strengthen DIB defenses but is not attributed to the contributing company unless explicit permission is given.
Benefits and Protections
Kalka highlighted the concrete advantages for members. Partners gain access to cybersecurity defensive information that is approximately 95 % unique and unavailable through other channels. They can also opt into supplementary services such as the Defense Industrial Base Vulnerability Disclosure Program, where friendly researchers scan public‑facing infrastructure for weaknesses and report them for remediation. Another offering, DCISE Cubed, analyzes firewall logs to detect malicious activity based on a few indicators, allowing early warning of potential victims. Furthermore, the program facilitates a collaborative environment through semi‑annual technical exchanges in the National Capital Region and regional partner meetings, fostering trust and real‑time dialogue that email alone cannot replicate.
Scale and Process
Addressing concerns about potential overload, Kalka noted that there is no preset limit on the number of participating companies; indeed, he welcomed the scenario of a sudden surge in sign‑ups as a “problem I would love to have.” The program employs standardized, repeatable processes and measured workflows to manage workload and alleviate bottlenecks. Special encouragement is extended to small and medium‑sized businesses, which often lack the resources to defend themselves adequately, ensuring they can benefit from the program’s unique threat intelligence and support services.
Where to Get More Information
For those who missed the announcement and wish to learn more, Kalka pointed to the DC3 website (dc3.mil) as the fastest source of details. The DCISE and DIB Cybersecurity Program resides within the broader DoD Cyber Crime Center effort. Additional inquiries can be directed via email to [email protected]. The interview closed on how the revitalized partnership aims to fortify the defense industrial base against evolving cyber threats while leveraging industry collaboration as a force multiplier.

