Pentagon outlines strategy to improve defense industrial base cybersecurity


The Pentagon on Thursday released its first-ever cybersecurity strategy aimed at better protecting its massive industrial base against hackers.

“As our adversaries continually seek information about U.S. capabilities, the Department, in coordination with the DIB (Defense Industrial Base), must remain resilient in the face of these attacks and succeed through teamwork to defend the nation,” Deputy Defense Secretary Kathleen Hicks said in a statement accompanying the release of the Defense Industrial Base Cybersecurity Strategy.

The document will serve as a roadmap for improving the cybersecurity and resiliency of the supply chain, which is made up of hundreds of thousands of entities that contract directly with the Pentagon and its various components.

The strategy, which covers fiscal years 2024 to 2027, sets out four main objectives, such as improving best practices within the industrial base. Each goal, in turn, contains a subset of goals, such as being able to recover from a cyberattack.

The department’s Cybersecurity Maturity Model Certification program – its long-running attempt to raise cybersecurity standards among contractors – is one element of the strategy to ensure supplier compliance and resilience.

Defense officials have long worried about digital vulnerabilities at companies that make up the department’s supply chain, which is considered critical infrastructure and has been rocked by several major breaches over the years.

Perhaps the most infamous incident occurred in 2009, when suspected Chinese hackers broke into one of the companies working on the F-35 Joint Strike Fighter, the most expensive weapons system in U.S. history, and stole design data.

The danger posed by malicious actors remains constant, according to David McKeown, deputy chief information officer for cybersecurity at the Pentagon.

“Nowadays, especially in the United States of America, everyone should believe in the power of the hacker,” he said at a press briefing. “This has been proven repeatedly.”

He said authorities “always see intrusions” that are “fairly widely followed.”

McKeown told reporters he did not have a metric indicating whether the number of violations was up, down or level.

These trends can vary “depending on a product with a vulnerability that the bad guys discover.” There will sometimes be a feeding frenzy just because if you don’t get it right and fix it quickly enough, they can hit multiple companies because they’re constantly looking for vulnerabilities and looking for a way to get in.

He said officials would now work on developing an implementation of the strategy that DIB entities can follow.
