Katie Arrington, CISO of the Pentagon’s acquisition policy office, is trying to shake up DoD’s acquisition bureaucracy, and has told contractors they need to better prioritize security in order to do business with the Pentagon and stifle foreign theft of defense secrets.
Last month, defense officials unveiled a draft of new cybersecurity standards for contractors, known as the Cybersecurity Maturity Model Certification. The standards will require contractors of all sizes to have a baseline level of cybersecurity practices, for example to prevent adversaries from exfiltrating their intellectual property. Companies holding more sensitive defense data will need to demonstrate more advanced security practices. An updated draft is coming in November, and defense agencies’ requests for information will start using the standards next year.