To protect military contractors from adversary cyberattacks, the Pentagon must work to educate, measure, and drive improvements in cybersecurity and industrial infrastructure resiliency, according to new Pentagon strategic guidance.
The Defense Industrial Base Cybersecurity Strategy, released Thursday, aims to guide the department and industry's response to digital threats. The bill, signed by Deputy Secretary Kathleen Hicks, would protect the Department of Defense from doing business, including small businesses and subcontractors, against adversaries seeking access to sensitive data, classified information, and intellectual property in weapons systems and production nodes. The aim is to strengthen companies that
As part of that effort, the Department of Defense is working with the Defense Industrial Base (DIB) to strengthen its cybersecurity posture while providing more consistent strategic guidance to companies, according to David McCune, deputy chief information officer for cybersecurity. It is said that it will be provided to
“Over the past several years, DIB has made significant progress in improving cyber resiliency, security, compliance, and understanding of the threat landscape,” McCune told reporters Thursday ahead of the document's release. “Together, through the DIB Cybersecurity Strategy, we will further advance our goals and improve DIB Cybersecurity.”
This document outlines four main goals and corresponding objectives covering activities from 2024 to 2027. While many of the initiatives listed have already begun or are part of the Department of Defense's broader approach to industrial-based cybersecurity, the strategy “strengthens the focus, collaboration, and integration of these goals. .
The Department of Defense's primary objective is to work with the DIB to strengthen companies' cybersecurity posture against advanced threats. To that end, the department will continue to regularly assess contractors' compliance with cybersecurity requirements, primarily through the Cybersecurity Maturity Model Certification (CMMC) program.
but, “[the] “The increasing number of threats resulting from the evolution and expansion of digital ecosystems has increased the need to tighten requirements for a subset of critical programs and high-value assets,” the strategy states. Therefore, the department said it will work on future rulemaking that expands on current requirements for the industrial base and introduces supplemental guidelines for those working with controlled unclassified information.
Compliance efforts such as CMMC's are proving popular, especially among small and medium-sized businesses and non-traditional defense contractors who find compliance with regulations costly and difficult to maintain. It has been the subject of intense scrutiny.
Mr McCune stressed that the new strategy takes into account contractors of all sizes and that the Department is committed to helping small and medium-sized businesses strengthen their cybersecurity posture through a number of free resources.
In addition, McCune said his office is working with the Small Business Administration on a pilot to develop a secure cloud-based environment that small businesses can use to conduct their business. Officials hope to have about 50 to 75 companies participating in the program, with work starting this year.
The goal is to “prove that the cloud can be leveraged to secure data in a cloud environment for small and medium-sized businesses,” McCune said. “And how do we scale that up and offer it to more small businesses over time, or how do we get a price point that small businesses can afford and start leveraging it for our own companies? We need to consider whether.”
The department also wants to build a new framework for sharing threat information with the industrial base. Conduct an analysis of potential cyber vulnerabilities in the contractor's IT ecosystem. Improve how businesses recover from malicious cyber activity and minimize information loss. Measure the overall effectiveness of the Department of Defense's cybersecurity requirements.
Other goals detailed in this strategy include strengthening the Department of Defense's internal governance structures around DIB cybersecurity, maintaining cyber resiliency in the defense supply chain, and improving overall collaboration between agencies and contractors on cybersecurity issues. This includes strengthening collaboration.
Stacey Bostanick, Director of Defense Industrial Infrastructure Cybersecurity in the Office of the CIO, emphasized that the Department of Defense is committed to working with contractors and various stakeholders across the government to execute the strategy. .
“Our mission is to protect the integrity of our classified information, operational capabilities, and products by ensuring the generation, responsibility, and sustainment of America's combat capabilities,” Bostanik told reporters. “Our vision is simple: a safe, resilient and technically superior His DIB.”
