DOD Releases Strategy to Bolster Cybersecurity Across Industrial Base

The Defense Industrial Base Cybersecurity Strategy plots a course for increased focus and collaboration between the Defense Department and the U.S. defense industrial base on cybersecurity initiatives amid what officials say are persistent cyberthreats.

"Our adversaries understand the strategic value of targeting the DIB," said David McKeown, DOD's deputy chief information officer for cybersecurity. "Private sector DIB contractors are at risk for malicious cyber activities by adversaries and nonstate actors alike," he said. "Working in conjunction with the DIB, we can better ensure the safety of critical information and unauthorized disclosure of that information."

McKeown, who also serves as DOD's senior information security officer, was joined by Stacy Bostjanick, DOD's chief of defense industrial base cybersecurity, in unveiling the strategy at the Pentagon.

"We need to get on top of this extremely complex challenge," Bostjanick said. "This is a well contemplated, multifaceted, agile and nuanced response to the constant and evolving challenge [of] securing the DIB against malicious cyber activity."

The strategy lays out DOD's vision over the next three years for a secure, resilient and technologically superior U.S. defense industrial base to ensure the United States' warfighting edge.

It outlines four goals aligned with that vision:

Central to the goal of strengthening DOD's cybersecurity governance structure are efforts to bolster interagency collaboration and develop regulations that will further govern the cybersecurity responsibilities of contractors and subcontractors.

In terms of enhancing the DIB's cybersecurity posture, the strategy outlines steps to evaluate compliance with departmental cybersecurity requirements and evaluate the effectiveness of regulations and requirements. It also outlines steps to improve cyber-related threat and intelligence information with industry partners, identify vulnerabilities and recover from malicious cyber activity.

The strategy also directs the department to prioritize cyber resiliency among critical defense production capabilities and establish policies that reflect a focus on cybersecurity for key suppliers.

That focus aligns with broader department guidance, including the 2022 National Defense Strategy and the 2023 National Cybersecurity Strategy.

The newly released document also responds to a requirement to develop a comprehensive plan to ensure the reliability and integrity of production nodes for critical weapons systems outlined in the 2023 strategy.

The cybersecurity strategy also marks a continuation of the department's efforts to ensure the defense industrial base meets the demands of a challenging national security landscape.

Earlier this year, the Pentagon released the National Defense Industrial Strategy, which lays out long-term priorities that will guide DOD's actions to create a modern, resilient defense industrial ecosystem designed to deter U.S. adversaries and meet the production demands posed by evolving threats.

The NDIS focuses on four key areas critical to building a modernized defense industrial ecosystem over the next three to five years. Those areas are resilient supply chains, workforce readiness, flexible acquisition and economic deterrence.

The newly released cybersecurity strategy further builds upon that collaboration between DOD and its industry partners.

"We have identified opportunities to bolster [the] cybersecurity of our DIB partners, which will improve our overall cybersecurity of the U.S.," said Deputy Defense Secretary Kathleen Hicks in a statement accompanying the release of the strategy. "As our adversaries continuously seek information about U.S. capabilities, the department, in coordination with the DIB, must remain resilient against these attacks and succeed through teamwork to defend the nation."