Officials from the Defense Department (DoD) highlighted supply chain and workforce and culture issues as two significant problems the agency faces in maintaining strong cybersecurity, during a panel discussion at FCW’s Cybersecurity Summit.
Monica Montgomery, the National Geospatial Intelligence Agency Office of Cybersecurity Chief for Risk Management, talked about supply chain risk management at DoD, and how the department has been trying to knit together “pockets of excellence within the agency” to manage those risks.
DoD Cyber Director John Garstka said the defense acquisition community needs to better communicate the department’s needs to protect its information. He added that DoD is working to put “standards into a five-level model” to make it easier for contract managers to articulate their expectations for acquisition.
Garstka said he has looked at different elements of the supply chain to see what parts pose the highest risk, in hopes of discovering systemic aspects of supply chain risk. His method has included looking at individual programs rather than the entire acquisition ecosystem, and using traditional intelligence resources and commercially available data analytics along the way.
While supply chain risk management is one significant challenge for the defense cybersecurity community, culture and workforce issues are also an area that defense officials are grappling with. Jason Martin, Vice Director of the Development and Business Center and Acting Director of the Cyber Development Directorate at the Defense Information Systems Agency (DISA), underscored this challenge.
“We’re having, I think, a clash of culture,” Martin said, adding that with employees both retiring and newly joining DoD, the defense cybersecurity workforce thinks and operates differently, and handling those culture changes has been particularly difficult.
In terms of handling the talent shortage in cybersecurity, Martin said DoD has worked harder to build early interest in defense cyber at high schools and colleges by pushing recruitment efforts. DoD has also collaborated with the intelligence community in finding employees and learning recruitment strategies, since, according to Martin, the IC has been successful at recruiting and retaining talent.
As DoD continues to tackle the challenges of workforce culture and recruitment, Martin and Montgomery said the department has also looked to leverage automation and artificial intelligence to help in maintaining a robust cybersecurity posture.