New Guidelines Could Help Secure America’s Defense Technology

COMMENTARY Cybersecurity

New Guidelines Could Help Secure America’s Defense Technology

Feb 8th, 2020 2 min read
COMMENTARY BY
James Di Pane

Research Associate, Center for National Defense

James is a research associate in Heritage's Center for National Defense.
Secretary of Defense Mark Esper has called Chinese 5G networks “the greatest intellectual property theft in human history.”  Joe Raedle / Staff / Getty Images

Key Takeaways

The Pentagon released new guidelines on cybersecurity that it hopes will represent a big step forward for protecting American national security if implemented right

Designed to improve the cybersecurity of Department of Defense contractors, the Cybersecurity Maturity Model Certification should strengthen cybersecurity practices.

Improving the cybersecurity in the defense supply chain is a national security priority, and this should prove an effective tool for that mission.

Last week, the Pentagon released new guidelines on cybersecurity that it hopes will represent a big step forward for protecting American national security if implemented right.  

Designed to improve the cybersecurity of Department of Defense contractors, the Cybersecurity Maturity Model Certification should strengthen cybersecurity practices throughout the supply chain, which would lead to more hardened defenses and fewer weak links that can be exploited by adversaries.

Malicious cyber activity cost the America economy $57 billion to $109 billion in 2016, and the threat continues to rise.  

America’s key adversaries—China, Russia, Iran, and North Korea—all have cyber forces and affiliated hackers that target U.S. networks for a variety of reasons, most prominently to steal intellectual property.  

The Chinese are perhaps the largest culprits. Secretary of Defense Mark Esper has called Chinese 5G networks “the greatest intellectual property theft in human history.” 

This new guidance will reduce these risks by requiring companies to meet certain cybersecurity requirements to do business with the Pentagon. The Cyber Maturity Model Certification is a set of guidelines that companies will have to meet, with varying levels of sophistication depending on the security of a given project. 

The levels range from basic cyber hygiene and security protocols at Level 1, up to advanced cybersecurity measures able to withstand attempts by advanced hackers and advanced persistent threats at Level 5. 

The required levels will begin appearing in Requests for Information for defense projects around June 2020, and ultimately will extend to all companies that do business with the Department of Defense. 

Kate Arrington, who serves as the chief information security officer for the Office of the Under Secretary of Defense for Acquisition, said the first certifications almost certainly won’t be issued until 2021 but that all companies will be expected to have achieved certification by 2026.  

Improving the cybersecurity of these companies is vital given the threats they face from foreign hackers looking to steal or compromise defense technology. 

The theft or compromise of sensitive defense technology is even more dangerous in the defense sphere when viewed in the context of America’s growing competition with China. 

The Heritage Foundation’s Index of U.S. Military Strength details the increasing Chinese military threat, which continues to grow rapidly with the help of the secrets it has stolen. 

Improving the cybersecurity in the defense supply chain is a national security priority, and this should prove an effective tool for that mission.

This piece originally appeared in The Daily Signal