Secretary of Defense Mark Esper has called Chinese 5G networks “the greatest intellectual property theft in human history.” Pictured: Esper arrives to address the media at U.S. Southern Command Jan. 23, 2020, in Doral, Florida. (Photo: Joe Raedle/Getty Images)
New Guidelines Could Help Secure America’s Defense Technology
Last week, the Pentagon released new guidelines on cybersecurity that it hopes will represent a big step forward for protecting American national security if implemented right.
Designed to improve the cybersecurity of Department of Defense contractors, the Cybersecurity Maturity Model Certification should strengthen cybersecurity practices throughout the supply chain, which would lead to more hardened defenses and fewer weak links that can be exploited by adversaries.
Malicious cyber activity cost the America economy $57 billion to $109 billion in 2016, and the threat continues to rise.
America’s key adversaries—China, Russia, Iran, and North Korea—all have cyber forces and affiliated hackers that target U.S. networks for a variety of reasons, most prominently to steal intellectual property.
In these trying times, we must turn to the greatest document in the history of the world to promise freedom and opportunity to its citizens for guidance. Find out more now >>
The Chinese are perhaps the largest culprits. Secretary of Defense Mark Esper has called Chinese 5G networks “the greatest intellectual property theft in human history.”
This new guidance will reduce these risks by requiring companies to meet certain cybersecurity requirements to do business with the Pentagon. The Cyber Maturity Model Certification is a set of guidelines that companies will have to meet, with varying levels of sophistication depending on the security of a given project.
The levels range from basic cyber hygiene and security protocols at Level 1, up to advanced cybersecurity measures able to withstand attempts by advanced hackers and advanced persistent threats at Level 5.
The required levels will begin appearing in Requests for Information for defense projects around June 2020, and ultimately will extend to all companies that do business with the Department of Defense.
Kate Arrington, who serves as the chief information security officer for the Office of the Under Secretary of Defense for Acquisition, said the first certifications almost certainly won’t be issued until 2021 but that all companies will be expected to have achieved certification by 2026.
Improving the cybersecurity of these companies is vital given the threats they face from foreign hackers looking to steal or compromise defense technology.
The theft or compromise of sensitive defense technology is even more dangerous in the defense sphere when viewed in the context of America’s growing competition with China.
Improving the cybersecurity in the defense supply chain is a national security priority, and this should prove an effective tool for that mission.
James Di Pane is a research assistant in the Davis Institute for National Security and Foreign Policy at The Heritage Foundation.