Data breaches that have troubled the Department of Defense supply chain have captured the attention of lawmakers on Capitol Hill, a topic which came up during the recent confirmation hearing for DoD CIO Dana Deasy. Sen. Joe Manchin (D-WV) pressed him on how Defense can shore up the cybersecurity shortfalls of subcontractors.
Manchin wants to impose “very, very severe” financial penalties on prime contractors who don’t oversee the cybersecurity of their subcontractors. Deasy said that monetary punishment wasn’t something he’s considered so far, but agreed that there needed to be an “intervention.”
Deasy said that prime contractors shouldn’t be allowed to self-assess, but that wasn’t enough for Manchin, who firmly asserted that top-tier contractors need to be held accountable for the cybersecurity of subcontractors. Manchin said he and his colleagues are “talking about” legislation that will hold prime contractors responsible for their subcontractors “all the way down the line.”