The Department of Defense is working to develop a shared virtual cloud-based workspace for contractors as a way to strengthen cybersecurity and as part of a larger strategic effort to make defense enterprises safer.
“There are several things we are working on in conjunction with the Small Business Administration. [Programs] Developing a purpose-built cloud that some small businesses can leverage and work from,” David McCune, the Pentagon's deputy CIO for cybersecurity and chief information security officer, said Thursday. he told reporters.
The goal is to deploy a pilot version this year with up to 75 small and medium-sized businesses to determine whether their data can be adequately protected in a cloud environment. If successful, McCune said the pilot could be expanded and made available to more companies.
“But at some point, it may become just a service that they have to consume themselves. But if they can leverage these environments, they don't have to build all their cybersecurity within their own networks and perimeters. “It's definitely going to disappear,” he said.
The move is part of a larger push by the Department of Defense for its newly announced Industrial Cybersecurity Strategy to improve data and network security for the defense industrial base. The Defense Industrial Base Cybersecurity Plan, originally scheduled for release last year, aims to centralize the Pentagon's cyber efforts and resources and clarify the department's role.
“Everyone should believe in the power of hackers. It's been proven time and time again,” McCune said. “Our data, the enemy is looking for it. They can just steal data from us and we don't have to sit down and do the actual engineering ourselves, which really saves engineering and production time. This is a real threat.”
The strategy comes as defense contractors face the constant threat of cyberattacks. The goal of the plan is to improve the way the Department of Defense manages cybersecurity for the defense enterprise, strengthen security across the industrial base, increase key manufacturing capacity, and enhance collaboration.
“We're still seeing intrusions taking place. We track that pretty closely as part of our mandatory reporting requirements. We collect them and review new ones that emerge each week. “We're doing it,” McCune said. “Real events are important to us and we pay serious attention to them so that we can learn and apply lessons from them.”
This Congressional-mandated strategy aims to educate companies about what the cyber requirements are, some of the processes, and what assistance is available.
Approximately 1,500 companies currently receive voluntary cybersecurity assistance services through the Department of Defense Cybercrime Center (DC3). That's just a fraction of the more than 200,000 companies estimated to have contracts with the Department of Defense, and officials want to change that.
“We have [cyber resilience analysis] where to process [DC3] We work with SMEs, guiding them through our network and helping them understand where their vulnerabilities and gaps are. Therefore, we strongly encourage those who handle them. [controlled unclassified information] Sign up for the program today,” said Stacey Bostanick, director of the Defense Industrial Base Cybersecurity Initiative at the Department of Defense. “I’m looking forward to the problems that will arise with too many people joining the program.”
