DoD to set high standard for industry cybersecurity
At West 2018, Deputy Secretary of Defense Patrick Shanahan set an ultimatum for defense contractors: secure your data or lose our business. What exactly this means for contractors is not clear yet.
“When you make that type of statement, everyone kind of rears back and says ‘uh-oh, we have to do something,” said Robert Bigman, founder of 2BSecure and former chief information security officer at the CIA. “My guess is you’ll be seeing further guidance, or even standards and requirements coming from DoD about exactly what the DIB(Defense Industrial Base) space needs to start doing to secure their systems.”
Bigman believes that this was somewhat inevitable, because guidance from the Office of Management and Budget can’t deal with the details involved with cybersecurity, and is too vague to make relevant instructions for agencies.
“Cyber is such an arcane and very technical business that you really need to be very prescriptive in how you specify and what you want the customer base to do,” said Bigman. “It’s not one where you can just leave them to read their own interpretation of the NISPOM(National Industrial Security Program Operating Manual).”