To protect military contractors from adversary cyber attacks, the Defense Department must commit to educating, measuring, and driving improvements in the cybersecurity and resiliency of the industrial base, as outlined in the Defense Industrial Base Cybersecurity Strategy released by the Pentagon on Thursday.
Signed by Deputy Secretary Kathleen Hicks, the strategy aims to strengthen companies engaged in business with the Pentagon, including small businesses and subcontractors, against adversaries seeking access to sensitive data, proprietary information, and intellectual property related to weapon systems and production nodes.
David McKeown, deputy chief information officer for cybersecurity, stated that the Pentagon will collaborate with the defense industrial base (DIB) to enhance its cybersecurity posture while providing more comprehensive strategic guidance for companies.
The document lays out four main goals and corresponding objectives for activities spanning from fiscal 2024 to 2027. While many efforts are already underway, the strategy will help sharpen the focus, collaboration, and integration of those objectives.
One key aspect will involve working with the DIB to strengthen companies’ cybersecurity posture against advanced threats, such as through the Cybersecurity Maturity Model Certification (CMMC) program, which evaluates contractor compliance with cybersecurity requirements.
Additionally, the strategy will engage in future rulemaking to enhance requirements for critical programs or high-value assets within the industrial base, introducing additional guidelines for handling controlled unclassified information.
The strategy also addresses the concerns of small businesses and non-traditional defense contractors regarding compliance efforts like CMMC, ensuring that resources and support are available to help them strengthen their cybersecurity posture.
Furthermore, the strategy includes initiatives such as developing a secure, cloud-based environment for smaller companies, sharing threat information with the industrial base, analyzing cyber vulnerabilities, improving recovery from malicious cyber activities, and measuring the effectiveness of DOD cybersecurity requirements.
Ultimately, the strategy aims to strengthen internal governance, preserve cyber resiliency in the defense supply chain, and enhance collaboration among government agencies and contractors in cybersecurity matters.
Stacy Bostjanick, chief of defense industrial base cybersecurity, highlighted the Pentagon’s commitment to working with contractors and stakeholders across government to achieve the strategy’s objectives, aiming for a secure, resilient, and technologically superior defense industrial base.