Supply Chain Cybersecurity Audits Are Coming…
Happy Monday! Last week we saw very interesting signals coming out of the Department of Defense about the actions it’s exploring to instill accountability measures for DFARS cybersecurity requirements. In case you missed it, here are the highlights.
The Pentagon is taking action to address its primary source of concern: the expansive and vulnerable ecosystem of contractors and subcontractors that make up our defense industry supply chain — especially at the 3rd and 4th tier.
Expect self-reported self-assessments to be followed up with inquiry — potentially even using Artificial Intelligence measures to grade companies’ cyber-hygiene with a confidence score.
You can watch the entire speech made by DOD CIO Dana Deasy at the Jan. 29 Senate Armed Services Cybersecurity Subcommittee hearing on Department of Defense policies and threats here.
I encourage you to watch it when you have 90 minutes to spend, but you can also read the highlights here.
Also last week, NeQter’s own general manager, Rich Astle, spoke on a panel of local NIST and DFARS cybersecurity experts, hosted by Rhode Island’s MEP and moderated by a Raytheon manager of Government Relations and Strategy. There, the tone from attendees — most of whom are small businesses deep within the defense supply chain — was one of palpable curiosity and a desire for guidance on meeting the DFARS requirements.
If you suspect that you may not fare as well as you’d like with an audit, explore your options. Ask more questions. Seek help from experts fluent in NIST SP 800-171 guidance. The cost and range of options available to small businesses in the defense industry are far better when DFARS compliance and cyber hygiene are proactively addressed.