The Pentagon’s acquisition community is going after two major sources of risk within the industrial base: the cybersecurity of companies that do business with the Defense Department, and fragility within certain critical suppliers.
Ellen Lord, under secretary of defense for acquisition and sustainment, said Thursday at the U.S. Naval Institute annual meeting that “cybersecurity is probably the largest emerging threat we have.”
“However, we have these high-level [National Institute of Standards and Technology] standards that we say industry has to comply with. It is not particularly easy to understand how to comply with a hundred and twenty-some separate requirements,” she said.
“So what I’ve mandated is, this year we will come up with a National Cybersecurity Standard with metrics, and we will develop third-party independent auditors who can go and audit against those cybersecurity standards. This is very similar to ISO standards for quality. In that way, we will be able to discriminate between a company that is really cyber-secure and one that is not.”
The Navy has had its share of challenges in this area recently, with companies working with the Navy on undersea warfare research or acquisition projects being especially prone to cyber attacks. The Washington Post reported in June that a contractor working with the Naval Undersea Warfare Center in Rhode Island on a supersonic anti-ship missile was hacked by the Chinese government. In December, The Wall Street Journal reported on a Navy review of cyber vulnerabilities that highlighted many attacks in recent months, mostly tied back to China.
Lord noted in her remarks, though, that small businesses often don’t have the money or the in-house expertise to build up their cyber protections in the way that large corporations do, and too-strict cybersecurity requirements could be a barrier to doing business with the Pentagon for many companies.
Admin
Posted On: 18th Mar 2018 -Enjoy it
Comments are closed.