Pentagon Releases Strategy to Boost Cybersecurity for Defense Contractors

The Department of Defense has been working on a shared cloud workspace for contractors.
Pentagon Releases Strategy to Boost Cybersecurity for Defense Contractors
The Pentagon's river entrance in Arlington, Va., on Oct. 25, 2023. Madalina Vasiliu/The Epoch Times
Frank Fang
Updated:
0:00

The U.S. Department of Defense (DoD) has released a cybersecurity strategy aimed at shielding its suppliers from malicious cyber operations conducted by foreign adversaries, including Russia and China.

“Our adversaries understand the strategic value in targeting the DIB,” David McKeown, the Pentagon’s deputy chief information officer for cybersecurity told reporters on March 28.

DIB, which is short for the defense industrial base, refers to individuals, organizations, and businesses that the Pentagon relies on to provide equipment, materials, technology, and weapons systems needed for national defense.
Mr. McKeown said Americans must be aware of the “power of the hacker,” pointing to the examples of “the Chinese copy of the F-35, the Russian copy of the Space Shuttle.” China’s J-20 fighter is widely believed to be a knockoff of the F-35.

“All the data, the adversary’s looking for it, and it really shortcuts their engineering and production time when they can just steal it from us and not have to sit down and do real engineering on their own,” Mr. McKeown added. “So hopefully, everybody understands that this is a real threat.”

The strategy, a 39-page document titled “Defense Industrial Base Cybersecurity Strategy 2024” released on Thursday, will serve as a roadmap for fiscal years 2024 through 2027, to achieve “a secure and resilient DIB information environment.” It says the DIB includes about 300,000 defense companies and their supplies in both the defense and private sectors.

The document lays out four primary goals and many objectives. The four goals include strengthening the DoD governance structure for DIB cybersecurity, preserving the resiliency of critical DIB capabilities in a cyber-contested environment, and improving cybersecurity collaboration with the DIB.

The Pentagon’s Cybersecurity Maturity Model Certification (CMMC) program is a part of the strategy. The CMMC program is a tiered cybersecurity framework that aims to check the readiness of defense contractors and subcontractors to handle controlled unclassified information based on federal regulations.

One objective involves the collaboration with commercial internet, cloud, and cybersecurity service providers to increase “DIB cyber threat awareness.”

Collaboration

Mr. McKeown told reporters the Pentagon has been working on a shared cloud workspace for contractors.

“There are some things that we’re working on with the Office of Small Business [Programs] to develop a purpose-built cloud that some of the small businesses can just shoehorn themselves into and work out of there,” Mr. McKeown said.

The goal is to have a pilot version of the workspace this year and have 50 to 75 small businesses test it, he added, to decide whether data can be secured in this cloud environment.

“And then we‘ll have to look at how do we scale that up and offer that to more and more small businesses over time,” Mr. McKeown added. “But at some point ... it may just be a service offering that they’ll have to consume themselves. But it sure will beat having to build out all of the cybersecurity inside their own networks and boundaries if they can work out of these environments.”

A page of the document is dedicated to explaining the threats posed by China. “Managing DIB risk is a critical aspect of competition and integrated deterrence vis-à-vis the People’s Republic of China (PRC) in support of National Defense Strategy (NDS) objectives,” the document reads while referencing Pentagon’s Industrial Capabilities Report published in 2021.

“The PRC is conducting a focused campaign to undermine the nation’s operational effectiveness and obtain information on sensitive DIB acquisition programs in technology,” the document adds.

The National Defense Strategy, published in 2022, named China as “the most comprehensive and serious challenge to U.S. national security.”

Mr. McKeown also said he agreed with Lt. Gen. Robert Skinner’s previous remark characterizing the DIB as a “soft underbelly that hackers can and do target.”

“We’re still seeing intrusions taking place. We track that pretty heavily as a part of our mandatory reporting requirements. We collect those, we see the new ones that pop up on a weekly basis,” he said.

Ultimately, the success of implementing the strategy rests upon “enhancing collaboration” between the DoD and the DIB, according to Mr. McKeown.

“Over the last several years, the DIB has made great strides in improving cyber resiliency, security compliance, and understanding the threat landscape,” he said. “Together, through the DIB Cybersecurity Strategy, we will further advance our goals and improve DIB cybersecurity.”

Frank Fang
Frank Fang
journalist
Frank Fang is a Taiwan-based journalist. He covers U.S., China, and Taiwan news. He holds a master's degree in materials science from Tsinghua University in Taiwan.
twitter