By Peace Onyishi, Warrior Cyber Analyst
On the 28th of March, 2024, the US Department of Defense announced the Defense Industrial Base Cybersecurity Strategy, a document intended to align with the 2022 National Defense strategy and the 2023 Department of Defense Strategy. The key aim of the strategy is to ensure the overall security — with emphasis on cybersecurity — and integrity of crucial weapon systems and production nodes while enhancing the cybersecurity of the Defense Industrial Base.
Lieutenant General Robert Skinner described the Defense Industrial Base as a soft underbelly that hackers can and do target. This is true. Hackers have targeted the DIB on multiple occasions, leading to significant breaches and data exfiltration. One notable instance is the incident between 2021 to 2022 when hackers infiltrated a DIB organization, maintained persistent access to its network, and stole sensitive data. Another would be the suspected Chinese hackers breach on a company working on the F-35 Joint Strike Fighter, the most expensive weapons system in U.S. history. It was recorded in numerous public reports that design data was stolen. This incident underscored the vulnerabilities within the Defense Industrial Base and the risks posed by cyber intrusions targeting critical defense projects. The strategy, therefore, is both timely and positive.
Collaboration was one of the discussed tactics to avoid the attack of adversaries. Private sector Defense Industrial Base contractors will join forces with DIB in order to protect critical information in the interest of the state. The collaboration allows for the pooling of resources, expertise and threat intelligence which will proactively strengthen the cybersecurity defenses against evolving cyber threats. However, it is important to take into consideration data privacy concerns. Sharing sensitive threat data with private contractors may raise concerns about data privacy and confidentiality, potentially leading to unauthorized access or misuse of classified information, a cybersecurity breach.
Former DoD Cybersecurity/AI specialist Talks to Warrior
Aside from private sector contractors, DIB’s Cybersecurity chief, Stacy Bostjanick also mentioned that as many federal stakeholders as needed will be brought on board. This includes the Department of Defense Cybercrime Center, National Security Agency and US CYBERCOM amongst others. This is designed to enable faster incident response and remediation strategies, reducing the impact of cyber incidents on critical defense infrastructure and ensuring operational continuity. It may also become mandatory to introduce additional regulatory compliance requirements and complexities to govern the joint effort.
According to the Chief Information Security Officer, David McKeown, the mission “is to protect sensitive information, operational capabilities and product integrity by ensuring the generation reliability and preservation of U.S. warfighting capabilities,” while the vision promises “a secure, resilient, technologically-superior Defense Industrial Base.”
The four goals of the strategy is to strengthen, to preserve, to enhance and to improve the cybersecurity of the Department of defense and Defense Industrial Base simultaneously. This will be achieved by working with interagencies to build a governance framework for maintaining a secure subcontractor CS environment, identifying DIB CS vulnerabilities and improving recovery from malicious cyber activity, mitigating risk in multi-tier supply chain by providing clear and consistent guidelines for industry, and maintaining bidirectional cooperatives across multiple core technology sectors.
Peace Onyishi is a cybersecurity specialist contributing as a Warrior Cyber Analyst
