The U.S. Department of Defense (DoD) has released a cybersecurity strategy aimed at shielding its suppliers, collectively known as the defense industrial base (DIB), from malicious cyber operations conducted by foreign adversaries, including Russia and China.
“Our adversaries understand the strategic value in targeting the DIB,” David McKeown, the Pentagon’s deputy chief information officer for cybersecurity, told reporters on March 28.
“All the data, the adversary’s looking for it, and it really shortcuts their engineering and production time when they can just steal it from us and not have to sit down and do real engineering on their own,” Mr. McKeown added. “So hopefully, everybody understands that this is a real threat.”
The document lays out four primary goals and many objectives. The four goals include strengthening the DoD governance structure for DIB cybersecurity, preserving the resiliency of critical DIB capabilities in a cyber-contested environment, and improving cybersecurity collaboration with the DIB.
The Pentagon’s Cybersecurity Maturity Model Certification (CMMC) program is a part of the strategy. The CMMC program is a tiered cybersecurity framework that aims to check the readiness of defense contractors and subcontractors to handle controlled unclassified information based on federal regulations.
Collaboration
Mr. McKeown told reporters the Pentagon has been working on a shared cloud workspace for contractors. “There are some things that we’re working on with the Office of Small Business [Programs] to develop a purpose-built cloud that some of the small businesses can just shoehorn themselves into and work out of there,” Mr. McKeown said.
The goal is to have a pilot version of the workspace this year and have 50 to 75 small businesses test it, he added, to decide whether data can be secured in this cloud environment.
“And then we’ll have to look at how do we scale that up and offer that to more and more small businesses over time,” Mr. McKeown added. “But at some point ... it may just be a service offering that they’ll have to consume themselves. But it sure will beat having to build out all of the cybersecurity inside their own networks and boundaries if they can work out of these environments.”
A page of the document is dedicated to explaining the threats posed by China. “Managing DIB risk is a critical aspect of competition and integrated deterrence vis-à-vis the People’s Republic of China (PRC) in support of National Defense Strategy (NDS) objectives,” the document reads, referencing the Pentagon’s Industrial Capabilities Report published in 2021.
“The PRC is conducting a focused campaign to undermine the nation’s operational effectiveness and obtain information on sensitive DIB acquisition programs in technology,” the document adds.
Mr. McKeown also said he agreed with Lt. Gen. Robert Skinner’s previous remark characterizing the DIB as a “soft underbelly that hackers can and do target.”
“We’re still seeing intrusions taking place. We track that pretty heavily as a part of our mandatory reporting requirements. We collect those, we see the new ones that pop up on a weekly basis,” he said.
Ultimately, the success of implementing the strategy rests upon “enhancing collaboration” between the DoD and the DIB, according to Mr. McKeown.
“Over the last several years, the DIB has made great strides in improving cyber resiliency, security compliance, and understanding the threat landscape,” he said. “Together, through the DIB Cybersecurity Strategy, we will further advance our goals and improve DIB cybersecurity.”