CMMC CMMC and NIST CMMC Implementation CMMC implementation CMMC strategy Cyber attacks Cyber regulation and compliance Cyber risk management Cyber security Defence Industry Base (DIB) Federal CMMC National Security

US Senate Armed Services Subcommittee hearing – Cybersecurity of the Defence Industry Base (18th May 2021)

updated on Leave a Comment on US Senate Armed Services Subcommittee hearing – Cybersecurity of the Defence Industry Base (18th May 2021)

On the 18th of May 2021 the Senate Armed Services Subcommittee on cyber held a hearing on the ‘Cybersecurity of the Defence Industry Base (DIB)’, under the 2021 NDAA, focusing on the issue of cyber security of the DIB.  The targeting of the DIB by other Nation States, ‘affectively subsidising their own defence development’ is a complex issue which has yet to be addressed.  Should the DoD be holding prime contractors accountable for cyber security during the execution of defence contracts.  In March 2021 a review of CMMC was requested and is underway and is expected to deliver its recommendations on CMMC, a review which is complete with recommendations being finalised and which is expected to significantly modify the Interim CMMC ruling.

A robust presentation was given by Mr. Salazar and Rear Admiral William Chase, highlighting the issues the DIB faces in embedding cybersecurity and challenges in protecting DoD data from threat actors and developing appropriate solutions to support the DIB embed cybersecurity into core operational and business practices.   Is the DoD holding prime contractors responsible and accountable for ensuring that their subcontractors protect DoD data and overseeing subcontractors, effectively providing oversight and assurance over the security of DoD data across their supply chains.  The committee requested feedback if any contractors have been held accountable for the oversight and assurance of their subcontractors and the loss of DoD data.

It was confirmed that under Section 1736 of the 2021 NDDAA, the DoD is working to assess feasibility to implement sensors inside and outside the DIB to assess internal and external intrusion.  That there are mandatory cyber reporting requirements by contractors and subcontractors to report cyber incidents to the DoD.  The siloed approach across Federal Agencies needs to be addressed with better coordination between the DHS, DoD, DJ and FBI in response to cyber threats, removing barriers for information sharing.  Striking the right balance between private and public responsibilities for cyber protection.  With small DOB contractors often being the target of cyber attacks, having to ensure that they protect DoD information, which is costly. 

The subcommittee raised some challenging  questions.  This is worth watching to understand the developments in cyber security oversight and assurance, the problem that cybersecurity presents to US Federal Government and what will be next for CMMC?

About CMMC Europe

Experienced cyber security professional with 20 years experience as CISO and global head of cyber risk. Advising boards of Engineering and Manufacturing, Publish and Media and Financial Services meet and maintain cyber risk management and regulatory compliance.

Related Post

The MOU between the DoD and CMMC has been released

Should governments play a role in underwriting cyber risk

Cyber, the DoD and CMMC

The DoD and the importance of Cyber, CMMC and NIST

Cyber affects share price

Cyber regulation and US financial markets

CMMC CoE and EU

Cybersecurity Maturity Model Certification (CMMC). Challenges and opportunities for contractors in complying with the US DoDs requirements

US Department of Defence

GSA requests CMMC compliance for $50 billion STARS III contract

Leave a Comment

Your email address will not be published. Required fields are marked *

I accept the Privacy Policy