
The Pentagon to Include Contractor Security Into Buying Decisions - How Contractors Can "Deliver Uncompromised"



A four-pronged effort at the Pentagon ignites a new program entitled “Deliver Uncompromised” targeted at various parts used in American military hardware and manufacturing — for instance, microelectronics.

On June 8, the Washington Post reported that Chinese government hackers had compromised the computers of a Navy contractor and had completed a mission to steal large amounts of sensitive data, some of which included secret plans to develop a supersonic anti-ship missile to be used on U.S. submarines in less than two years' time.

The Chinese government hackers hacked a Navy contractor to gain intelligence, and were successful. Pentagon officials have reported that building better security measures into the military’s acquisitions process is imminent and necessary. These new measures will better protect the defense industry from cyber-related threats both in the U.S. and abroad.

The Deputy Under Secretary of Defense for Intelligence, Kari Bingen, noted that “It is no longer sufficient to only consider cost, schedule and performance when acquiring defense capabilities. We must establish security as a fourth pillar in defense acquisition and also create incentives for industry to embrace security, not as a cost burden, but as a major factor in their competitiveness for U.S. government business.”

On Thursday, Pentagon officials testified before the House Armed Services Committee. They spoke to the issue that they saw as the foundation of the threats at hand: in a broader sense, and according to the testimony, China’s efforts to transfer U.S. military tech intelligence, including through commercial investments, trade practices and intellectual property theft, in an effort to disarm and displace some of the U.S. military's competitive edge.

The Under Secretary of Defense for Research and Engineering, Michael Griffin, noted that “the Chinese theft of technology and intellectual property, through the exfiltration of the work of others is not unlike the Chinese construction of islands to encroach upon the geographic domains of international waters and those of other sovereign nations, it circumvents the autonomy of nations in a departure from a rules-based global order. It is adversarial behavior and its perpetrator must be treated as such.” Clearly, these officials are done letting security measures prove inefficient when mature and robust threats arise.

 


“We must have confidence that industry is delivering capabilities, technologies and weapon systems that are uncompromised by our adversaries, secure from cradle to grave,” noted the Deputy Under Secretary of Defense for Intelligence.

Rep. Adam Smith, D-Wash., said that “we had a briefing yesterday on a cyber breach, and it was shocking how disorganized, unprepared and, quite frankly, utterly clueless the branch of the military was that [it] had been breached. Even in this day and age, we still have not figured out how to put together a cyber policy to protect our assets. In particular, with our defense contractors, who we work with, who store our data, but don’t have adequate protection. But even within the DoD, we don’t have a clear, cohesive policy to put in place.”

Bingen suggested a “checklist-based” security procedure could be used across the board, regardless of contractor size. The goal is for the program to be “risk-based (like the NIST Cybersecurity Framework) … informed by the threat and the department’s technology protection priorities”.

You likely know of the initiative: Defense Federal Acquisition Regulation Supplement (DFARS) 252.204-7012, which details adherence to NIST SP 800-171 (see explanatory guide here). This cybersecurity compliance requirement for defense contractors was developed to better protect “controlled unclassified data” of the government, which “in aggregation can be as damaging as a breach of classified information” in the words of Bingen.

The regulation covers technical or personal information for any organization selling to the Department of Defense, and was under consideration to be made into a Federal Acquisition Regulation long before this summer's events.

If you are a contractor selling into the government space, it will be necessary for you to prove not only adequate security, but also your ability to Deliver Uncompromised. Looking for a good set of security standards to standardize on? Adopt DFARS NIST SP 800-171 ahead of time to set yourself up for success and business growth. CyberStrong automates the reporting, tracking, and proving required, and makes cybersecurity compliance and best practice adoption easy. Learn more by getting a free demo.

 
