Thursday, November 17, 2022

Federal contractor cyber rule ahead

Only 1% of defense contractors voluntarily talk about their cybersecurity efforts, which leaves a gap in security, says David McKeown, the Pentagon’s acting principal deputy CIO. "There is a little bit of reluctance for a company to share anything with (DoD). Like if we were to go in and take a look at their network and find out that it is abysmal. They wouldn't want that information to be leaked,” he said at Politico’s Defense Summit. “We're not prescriptive in nature, as to them ... working with us. And that's the failing point right now: That it's all voluntary.” Companies are supposed to adhere to a set of cybersecurity standards (NIST SP 800-171), but DoD assessments show most vendors fail, he said. DoD has various ways to help its vendors, free of charge: on-site network assessments, sharing threat intelligence, shoring up email security and providing protective DNS. Few companies take advantage of the offerings: 1% of hundreds of thousands of contractors, he said. McKeown spoke ahead of a federal rule for the Cybersecurity Maturity Model Certification (CMMC) program, which will require all defense contractors to go through a third-party verification process attesting to their cybersecurity controls and processes. The rule is expected early next year. (Defense One 11/16/22) Contractors’ Reluctance to Work With Pentagon on Cybersecurity Is Leaving Vulnerabilities, DOD Official Says - Defense One