The Department of Defense on Thursday released its first-ever cybersecurity strategy to better protect its large industrial base from hackers.
“As our adversaries continue to seek information about U.S. capabilities, the Department is working with the DIB to [defense industrial base]“We must remain resilient to these attacks and succeed in defending our nation through teamwork,” Deputy Secretary of Defense Kathleen Hicks said in a statement accompanying the release of the Defense Industrial Infrastructure Cybersecurity Strategy. .
This document serves as a roadmap to strengthen the cybersecurity and resiliency of the supply chain, which is comprised of hundreds of thousands of organizations that contract directly with the Department of Defense and its various components.
The strategy covers the period 2024 to 2027 and has four main objectives, including improving best practices within the industrial base. Each goal includes a subset of goals, such as recovering from a cyberattack.
The department's Cybersecurity Maturity Model Certification Program, a long-term effort to improve cybersecurity standards among contractors, is part of a strategy to ensure compliance and resiliency among vendors.
Defense officials have long worried about the digital vulnerabilities of companies that make up the department's supply chain. Supply chains are considered critical infrastructure and have been disrupted by several major breaches over the years.
Perhaps the most infamous incident occurred in 2009. That's when a suspected Chinese hacker broke into one of the companies developing the F-35 Joint Strike Fighter, the most expensive weapons system in U.S. history, and stole design data.
David McCune, the Pentagon's deputy chief intelligence officer for cybersecurity, said the danger posed by malicious actors remains constant.
“Everyone in this day and age, especially in the United States, should believe in the power of hackers,” he said at a press conference. “It's been proven time and time again.”
He said authorities are “still seeing intrusions occurring” and are tracking them “quite closely.”
McCune told reporters that he did not have any metrics to show whether the number of breaches was increasing, decreasing or staying the same.
These trends can change “based on whether a product has a vulnerability and a bad actor discovers it.” In some cases, if you don't access and patch that issue quickly enough, multiple companies could be attacked because they're constantly scanning for vulnerabilities and looking for ways to get in, which can lead to a frenzy. Prey may occur. ”
He said officials will now work to flesh out a strategy that organizations within the DIB can follow.
recorded future
intelligence cloud.
learn more.
