DOD Pilots Program to Identify Vulnerabilities in Defense Industrial Base

The Department of Defense Cyber Crime Center has launched a 12-month pilot program aimed at identifying vulnerabilities in the defense industrial base.

During the Defense Industrial Base Vulnerability Disclosure Program pilot, security researchers and cybersecurity experts will try to identify weaknesses in more than 100 defense assets across various organizations, CHIPS Magazine reported.

DC3 said the pilot program will act on lessons learned upon the strong recommendation of Carnegie Mellon University’s Software Engineering Institute, a federally funded research and development center.

White hat hackers in the pilot are expected to share information and insights on vulnerabilities to help the defense industrial base better secure sensitive technology and intellectual property, DC3 added.

In the wake of the SolarWinds breach, technology company executives called on legislators to require businesses to disclose data breaches in exchange for limited legal liability.

Eric Noonan, CEO of CyberSheath and a member of the Potomac Officers Club, said companies should be required to meet minimum cybersecurity standards if they are to be granted limited legal liability.

The DOD is already rolling out minimum cybersecurity requirements in defense contracts through the nascent Cybersecurity Maturity Model Certification program, the standards of which are already being adopted by other agencies, including the Department of Homeland Security and the General Services Administration.

DIB-VDP was jointly established by the DC3’s Defense Industrial Base Information Sharing Environment, the DOD Vulnerability Disclosure Program and the Defense Counterintelligence and Security Agency.

The DOD VDP was established in 2016 to provide another security layer to the DOD Information Network. The program receives crowdsourced information on cybersecurity vulnerabilities from private-sector white hat hackers.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now