The Department of Defense (DoD) on Thursday announced its first ever strategy to enhance cybersecurity across the defense industrial base (DIB).
The DIB Cybersecurity Strategy outlines the DoD’s mission for the next three years for a secure, resilient, and technologically superior DIB to ensure the United States’ warfighting edge.
“Our adversaries understand the strategic value of targeting the DIB,” said David McKeown, DoD’s deputy chief information officer for cybersecurity, during the unveiling of the strategy. “Private sector DIB contractors are at risk for malicious cyber activities by adversaries and nonstate actors alike.”
“Working in conjunction with the DIB, we can better ensure the safety of critical information and unauthorized disclosure of that information,” he said.
The strategy outlines four goals aligned with this effort, and according to the department, the goals are key objectives that will guide DoD’s efforts to defend the nation and maintain a technology advantage. The goals are:
- To strengthen DoD’s governance structure for DIB cybersecurity by bolstering interagency collaboration and developing regulations that will further govern the cybersecurity responsibilities of contractors and subcontractors;
- To enhance the cybersecurity posture of the DIB;
- To preserve the resiliency of critical DIB capabilities in a cyber-contested environment; and
- To improve cybersecurity collaboration between DoD and the DIB.
“We have identified opportunities to bolster cybersecurity of our DIB partners, which will improve our overall cybersecurity of the US,” said Deputy Secretary of Defense Kathleen Hicks in a statement accompanying the release of the strategy. “As our adversaries continuously seek information about U.S. capabilities, the Department, in coordination with the DIB, must remain resilient against these attacks and succeed through teamwork to defend the Nation.”
The strategy outlines steps to evaluate compliance with departmental cybersecurity requirements and evaluate the effectiveness of regulations and requirements. It also outlines steps to improve cyber-related threat and intelligence information with industry partners, identify vulnerabilities, and recover from malicious cyber activity.
Additionally, the strategy directs the department to prioritize cyber resiliency among critical defense production capabilities and establish policies that reflect a focus on cybersecurity for key suppliers.
According to DoD, the new strategy falls under the 2022 National Defense Strategy and the 2023 National Cybersecurity Strategy.
The strategy also aligns with requirements outlined in the 2023 DoD Cyber Strategy, the 2024 DoD National Defense Industrial Strategy, and the National Institute of Standards and Technology Cybersecurity Framework.
