DOD Wants Partners to Up Their Cybersecurity Game, Official Says

June 25, 2021 | By Terri Moon Cronk, DOD News

The Defense Department wants to help its partner contractors, large and small, become better at their own cybersecurity efforts, the deputy assistant secretary of defense for cyber policy said yesterday.

"We definitely want to make sure that size is not an obstacle to working with the Defense Department," Mieke Eoyang said at the Defense One Tech Summit. "And we are trying to figure out how to make it easier for [contractors] to understand what kinds of better security practices are out there and what they can do to protect themselves."

[Photo: Cyber Ops. Personnel with the 175th Cyberspace Operations Group conduct cyber operations at Warfield Air National Guard Base, Middle River, Md., June 3, 2017. Photo by J.M. Eddins Jr., Air Force. VIRIN: 170603-F-LW859-023A]

Eoyang said U.S. adversaries are very much aware that DOD relies on innovation, but she added that DOD doesn't look only at large contractors when seeking a technological edge. It's also important for contractors to adopt best practices in cybersecurity — such as turning on multi-factor authentication, using cloud migration or working with cybersecurity companies — to enhance their own security, she said.

DOD participates in whole-of-government activities to target and disrupt ransomware, the deputy assistant secretary said, adding that the department is willing to work through its intelligence and law enforcement partners to provide insights to disrupt such threats.

It's vital for industry to think about cybersecurity protection from the perspective of resilience, Eoyang said.

[Photo: Cyber Tech. Air Force Airman 1st Class Christopher Kendrick, a cyber transport technician for the 49th Communications Squadron, connects fiber optic cables to the base network switches at the base network control center on Holloman Air Force Base, N.M., June 30, 2020. Photo by Air Force Airman 1st Class Quion Lowe. VIRIN: 200630-F-UE756-1025C]

"Companies need to be prepared for the possibility that it could happen to them," Eoyang said. "They need to improve their security, make themselves harder targets, but also really think about continuity of operations, so if, or when, they get hit, they know how to keep moving and how to work around the problem. But I don't think that we want to be in a position where people are turning to the Department of Defense to try and stop every single criminal gang out there …. We have to be able to focus on those nation state adversaries, and we do focus on that. But in the meantime, people also need to focus on improving their own resilience, being harder targets."

DOD is resilient and mature in its cybersecurity practices, the deputy assistant secretary said. "I think it's very clear from the president on down … and other countries should make no mistake about the seriousness with which the United States treats this problem and our interest in being able to get after malicious actors."

[Photo: Cyberattack Screen. Real-time cyberattacks are displayed on screen at the 275th Cyberspace Squadron's operations floor, Middle River, Md., Dec. 2, 2017. Photo by J.M. Eddins Jr., Air Force. VIRIN: 171202-F-LW859-013A]

DOD has been working through U.S. Cyber Command and other entities, she said, directly with industry to help contractors identify potential malicious activity on their networks. "And there are other things we can do to help people — [such as] when we identify malware, we can post it out there for the world to see — so that they can take that into consideration as part of their efforts to secure their own systems." 

As DOD considers how to bolster its allies, security cooperation is a big factor, Eoyang said. "What I've seen so far is that one of the No. 1 requests to the combatant commanders for security cooperation assistance is in the area of cybersecurity. But we do not have the clarity of offerings that the private sector could provide under security cooperation funds to our partners and allies, so I would encourage industry to work with us so that we have a better understanding of what might be available, what they might be able to provide through security cooperation, to help shore up the cybersecurity of our partners and allies. And [our] door's always open to talk about that."