Behind ‘Project 12’

President Bush has never been a poster boy for transparency. The cyber initiative he signed last January to beef up the government's protections against hackers and cyberspies is no exception—much of the multibillion-dollar project remains classified.

But to extend the project's cyber protections to America's private sector—including some of the nation's most vulnerable targets for malicious hackers—the administration is trying something unfamiliar: sharing information.

According to a Department of Homeland Security report obtained by Forbes.com, a group of unnamed private sector executives representing industries including banking, telecommunications and energy have been meeting with the DHS to find ways to more efficiently swap data on cyber intrusions and digital espionage. The DHS wouldn't share any details of the classified meetings, known as Project 12, which began in February and are scheduled to continue through May. But the goal of the conferences, according to one former government official, is to build a better system for sharing classified cyber-threat data with private companies.

Given the program's scope and budget, the government should have plenty to share. Over the next seven years, Bush's cyber initiative will spend as much as $30 billion to create a new monitoring system for all federal networks, a combined project of the DHS, the NSA and the Office of the Director of National Intelligence. The data-sharing plan would offer information gathered by that massive monitoring system to the private sector in exchange for their own knowledge of cyber intrusions and spyware.

The Bush administration's cyber initiative, known as Presidential Directive 54, is partly a response to a series of cyber intrusions that plagued the Pentagon last summer. Hackers seemingly based in China stole untold amounts of e-mail data from the Department of Defense's servers.

The nation's critical infrastructure systems, mostly owned by the private sector, may face a similar threat. Security researchers have long warned of security vulnerabilities in the Supervisory Control and Data Acquisition systems that control things like power plants and public transit. Over the past two years, hackers penetrated and extorted hundreds of millions of dollars from multiple companies using SCADA systems, says Alan Paller, director of the SANS Institute, an organization that hosts a crisis center for hacked companies. (See: "America's Hackable Backbone"). And in January, a CIA official revealed that a power outage affecting multiple cities outside the U.S. had been sparked by a cyber attack.