US Navy, Air Force Renew Cybersecurity Reciprocity Pact
The U.S. Navy and Air Force have reaffirmed their mutual cybersecurity reciprocity commitment with the signing of a new memo on the sharing of security testing data for software. The document, which was published Monday, mostly reiterates the reciprocity pact outlined in a 2016 memo, but contains a provision stating that in cases where data-sharing is not practical, the other service’s chief information security officer should be notified, FedScoop reported Thursday.
The cybersecurity reciprocity agreement sought to reduce the cost of authorizing software for use within services by avoiding duplication, among other considerations. The latest memo stated that the sharing arrangement is needed to ensure that the military’s scarce security resources be spent on due diligence and analysis rather than “redundant and unnecessary testing or bureaucratic documentation.”
The latest memo was signed jointly by Air Force CIO Lauren Knausenberger and Navy CIO and 2021 Wash100 awardee Aaron Weis, and comes despite recent security concerns raised over the architecture and perceived lack of security documentation of the USAF’s Platform One development environment, FedScoop further reported.
An Air Force spokesperson said that the pact’s renewal reinforces the “spirit and intent of transparency and collaboration between the services” while a counterpart from the Navy said the memo “revitalizes the commitment of the two services to reciprocity.”
Meanwhile, Pentagon CIO Terry Halvorsen, who signed the first memo in 2016, said that although the policy is not new, the decision to reaffirm the pact could not have come at a better time. He stressed that by reiterating the importance of reciprocity and the policy already in place, the DOD’s bureaucracy is constantly reminded about the value of collaboration.
For his part, former USAF CIO Bill Marion, who now works at Accenture Federal Services, said that the reciprocity pact is needed to overcome the reluctance to accept new innovations, often arising from prolonged timelines, increased costs and duplication of efforts.
Tags: Aaron Weis Air Force cybersecurity Department of Defense FedScoop