Government Should Make Cybersecurity Standards Stronger and More Practical, Expert Says
The government should conduct a detailed evaluation of the defense industrial base's security following the SolarWinds hack that compromised networks of several federal agencies, according to McAfee Chief Technology Officer Steve Grobman.
The executive also suggested that agencies enhance their supply chain's cybersecurity without making standards too cumbersome to implement, Nextgov reported Tuesday.
Such a change would be among “some of the balancing acts that we need to circumnavigate as we start looking at the aftermath [of the hacking campaign and] what do we do next,” Grobman told Nextgov.
Katie Arrington, chief information security officer for the Office of the Undersecretary of Defense for Acquisition and Sustainment, disclosed in a webinar that DOD already has plans to expand the Cybersecurity Maturity Model Certification to focus more on supply chain security.
“We have many ongoing efforts in securing the supply chain. The CMMC is giving primes cement to stand on when they’re talking to their suppliers, their subs about their maturity and what they’re thinking about. Getting a software [bill of materials] is something that is right on the cusp,” added Arrington, a past Potomac Officers Club event speaker and 2020 Wash100 awardee.
The CMMC is a unified standard for implementing cybersecurity across the defense industrial base, which, according to CSO Online, includes over 300K companies in the supply chain.
The program is envisioned to eventually require every defense industry contractor to be certified as meeting certain cybersecurity standards.
The Department of Homeland Security and General Services Administration have already taken steps toward incorporating the CMMC's provisions in their own contracting policies before the program's launch.