Defense Industrial Base Cybersecurity Strategy to Require More Accountability From Contractors

Department of Defense Senior Information Security Officer and Deputy Chief Information Officer for Cybersecurity David McKeown, a 2023 Wash100 winner, said on Thursday during the GovExec Cyber Summit 2023 event that the department is working on contract modifications that would increase the cybersecurity responsibilities of commercial vendors, including cloud service providers, to bolster the department’s efforts to increase cybersecurity and prevent data breaches within its agencies. McKeown said that under the new contract language, the private contractor would be liable and must pay identity theft protection in the event that the personally identifying information of a defense worker is compromised, FCW reported.

The Pentagon wants to explore the effectiveness of red-teaming, which has been incorporated in the contracts to test the infrastructure security of commercial cloud providers and effective programs like Hack the Pentagon to check system vulnerabilities. McKeown said red-teaming is not yet the status quo due to insufficient resources but the red teams will be deployed when there are serious concerns. He said all of these are part of a defense industrial base cybersecurity strategy that will be laid down by the Pentagon in 2023.