'It's going to be painful': Pentagon official urges contractors to improve cybersecurity

[InfoSec News <alerts () infosecnews org>]

https://www.cyberscoop.com/katie-arrington-pentagon-contracting/

By Sean Lyngaas
CYBERSCOOP
October 16, 2019

A politician-turned-defense official who is trying to shake up the 
acquisition bureaucracy in the U.S. Department of Defense told contractors 
they need to better prioritize security in order to do business with the 
Pentagon, and stifle foreign theft of defense secrets.

“This is a change of culture,” Katie Arrington, chief information security 
officer of the Pentagon’s acquisition policy office, said Wednesday. “It’s 
going to take time, it’s going to be painful, and it’s going to cost 
money.”

Arrington, who joined the Office of the Undersecretary of Defense for 
Acquisition and Sustainment in January, is spearheading the development of 
new cybersecurity standards for contractors. Last month, defense officials 
unveiled a draft of the guidelines, known as the Cybersecurity Maturity 
Model Certification.

The standards will require contractors of all sizes to have a baseline 
level of cybersecurity practices in order to, for example, prevent 
adversaries from exfiltrating their intellectual property. Companies 
holding more sensitive defense data will need to demonstrate more advanced 
security practices. An updated draft is coming next month, and defense 
agencies’ requests for information will start using the standards next 
year.

[...]

--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_