The Department of Defense has released its 2018 cyber security strategy, which has significantly evolved since its 2015 release. A key change is the addition of security as a fourth criterion in acquisitions, alongside quality, cost, and schedule.
Air Force deputy secretary Patrick Shanahan explained that security is no longer something to pay “extra” for. “We’re in a new world, and security is the standard, it’s the expectation, it’s not something that’s above and beyond what we’ve done before,” Shanahan said.
Another area of focus is on supply chain security. DoD will hold government contractors accountable for their supply chain cybersecurity practices. Contractors are responsible for all subcontractors they utilize, and they must take the time to properly assess each subcontractor’s operations.