The Department of Defense (DoD) announced its inaugural strategy dedicated to enhancing cybersecurity within the defense industrial base (DIB) on Thursday.
The DIB Cybersecurity Strategy outlines the DoD’s objectives for the next three years, aiming for a secure, resilient, and technologically superior DIB to uphold the United States’ military advantage.
“Our adversaries recognize the strategic importance of targeting the DIB,” stated David McKeown, DoD’s deputy chief information officer for cybersecurity, during the strategy unveiling. “Private DIB contractors face risks of cyber threats from adversaries and nonstate actors alike.”
McKeown emphasized, “Through collaboration with the DIB, we can enhance the protection of critical information and prevent unauthorized disclosure of such data.”
The strategy delineates four objectives aligned with this mission, serving as critical guides for DoD’s defense efforts and technological supremacy maintenance. The goals include:
- Strengthening DoD’s governance structure for DIB cybersecurity by fostering interagency cooperation and formulating regulations governing the cybersecurity responsibilities of contractors and subcontractors;
- Enhancing DIB cybersecurity posture;
- Maintaining the resilience of essential DIB capabilities in a cyber-contested environment; and
- Improving cybersecurity collaboration between DoD and the DIB.
Deputy Secretary of Defense Kathleen Hicks affirmed, “We have identified opportunities to boost cybersecurity among our DIB partners, ultimately enhancing overall national cybersecurity resilience. The Department, alongside the DIB, must remain steadfast against attacks from adversaries seeking U.S. capabilities.”
The strategy also includes provisions to assess compliance with departmental cybersecurity requisites, evaluate the efficacy of regulations and standards, bolster cyber threat information exchange with industry partners, identify vulnerabilities, and recover from malicious cyber assaults.
Moreover, it directs the prioritization of cyber resilience in essential defense production capabilities and the establishment of cybersecurity-focused policies for key suppliers.
The DoD underscores that the new strategy falls in line with the 2022 National Defense Strategy, the 2023 National Cybersecurity Strategy, the 2023 DoD Cyber Strategy, the 2024 DoD National Defense Industrial Strategy, and the National Institute of Standards and Technology Cybersecurity Framework.