As of December 2017, any member of the Department of Defense supply chain needed to implement NIST Special Publication (SP) 800-171 to be compliant with the Defense Federal Acquisition Regulation Supplement (DFARS). For CISOs in manufacturing and aerospace, this mandate triggered extensive reviews of cybersecurity posture and remediation efforts to ensure they would retain their government contracts.

In September, the White House released the National Cyber Strategy. Condensed into four pillars, the strategy outlines the government’s approach to cyber moving forward:

  1. Protect the American People, the Homeland, and the American Way of Life
     - The most relevant section for the civilian CISO. It focuses primarily on consolidating efforts and unifying standards as a means to protect critical infrastructure and government data.
  2. Promote American Prosperity
     - Focuses primarily on talent development, maintenance of open cyber infrastructure, and protection of online marketplaces.
  3. Preserve Peace through Strength
     - The most controversial pillar outlines an aggressive new stance on cyberattacks by hostile state actors and a proactive posture against cybercriminals.
  4. Advance American Influence
     - Further promotes an open flow of information across cyberspace (a pointed reference to closed national internets such as China's).

While the White House National Cyber Strategy was released with great fanfare, the Department of Defense also released an updated cyber strategy. Both documents are strongly aligned in their main message, but the DoD strategy provides a higher level of granularity.

The primary theme in both strategies: unification of efforts and standards

“The Administration will clarify the roles and responsibilities of Federal agencies and the expectations on the private sector related to cybersecurity risk management and incident response... It also includes addressing deficiencies in the Federal acquisition system, such as providing more streamlined authorities to exclude risky vendors, products, and services when justified. This effort will be synchronized with efforts to manage supply chain risk in the Nation’s infrastructure.”

What we saw with DFARS and DoD contractors appears to be expanding under the National Cyber Strategy. The DoD strategy also outlines the need for better standards across all government contractors:

"Our focus working with DIB entities is to protect sensitive DoD information whose loss, either individually or in aggregate, could result in an erosion of Joint Force military advantage. As the Sector-Specific Agency (SSA) for the DIB and a business partner with the DIB and DCI, the Department will: set and enforce standards for cybersecurity, resilience, and reporting; and be prepared, when requested and authorized, to provide direct assistance, including on non-DoD networks, prior to, during, and after an incident."

What appears to remain constant is the source from which these standards are derived: the NIST Cybersecurity Framework. A proactive CISO will recognize these changes as they take shape and begin planning accordingly. For manufacturers, DFARS may be only the beginning, and for industries outside the government supply chain, the National Cyber Strategy signals that these standards may soon expand beyond the DoD:

“The Administration will prioritize risk-reduction activities across seven key areas: national security, energy and power, banking and finance, health and safety, communications, information technology, and transportation.”

CISOs in many of these industries have already seen increased scrutiny and regulation in the past. With this new focus from the White House, though, we will begin to see new mandates and standards take shape as a means of securing private sector information as a national priority.

Outcomes and next steps

These signals from both the White House and the DoD indicate that change is imminent for the security industry. For many CISOs in impacted industries, DFARS required a mad dash to achieve compliance and avoid loss of revenue. The new mandates that arise from these strategies are sure to broaden the range of industries covered in order to ensure Americans’ security in cyberspace. Using the NIST CSF will ensure that you are building your strategy from the same first principles from which regulators are deriving their standards.
