With the Defense Department putting a tighter focus on cybersecurity when dealing with contractors, the Aerospace Industries Association has responded with new voluntary industry standards that aim to complement the Pentagon’s work.
As cybersecurity becomes a marquee issue for the U.S. military, a major aerospace group is helping set the path forward.
Last week, the Aerospace Industries Association announced a new standard for cybersecurity issues, with the goal of thoughtfully addressing threats as they surface while building resilience into the infrastructure the defense industry relies upon. The voluntary framework announced by the group aims to complement the U.S. Department of Defense’s existing work on the issue of cybersecurity, noted AIA President and CEO Eric Fanning.
“With aggressive state and non-state cyber actors targeting the United States, it is essential that our industry work collectively to protect technology and information,” Fanning said in a news release. “We are committed to bringing our industry together in partnership with government to implement this and other meaningful measures that keep us and our nation safer from cyber threats.”
The move to tighten cybersecurity among defense contractors comes as the Defense Department has strengthened its own cybersecurity standards, which may have a direct impact on future defense contracts, as the military looks to take steps to decrease its exposure to potential attack vectors. The Washington Post noted in August that such concerns have already led to efforts to ban technology from companies perceived to have ties to state actors, such as Kaspersky Lab, a Russian security-software firm, and the Chinese telecom firms Huawei and ZTE. A tighter approach to security may also be a factor in the Pentagon’s reported desire to use a single vendor to cover its cloud-computing needs.
The result for vendors is that the Pentagon is more closely scrutinizing contractors on cybersecurity considerations, something Breaking Defense suggests is to become a “fourth pillar” of the procurement process, after cost, schedule, and performance.
Ellen Lord, the undersecretary of defense for acquisition and sustainment, told the outlet that procurement will involve more robust testing of contractors’ cybersecurity mechanisms.
“Up to this point in time there has really been self-reporting (of problems),” Lord explained to the outlet. “We are actually going to go in and ‘red team’ industry to see how robust their systems are. The reality of the world we live in means cyber security is going to become more and more of a discriminator.”
In a piece in the Post last week, analysts who spoke to the newspaper suggested the efforts by AIA could help ease this process, by ensuring industry players were meeting a certain standard of security.