Defense Officials Push For Cyber Standards Compliance, Citing Warfighter Needs

Staff Sgt. Jacob Osborne/U.S. Marine Corps Forces Cyberspace Command

Officials from Defense’s CIO Office reiterated the need for strong digital defenses as conflicts take aim at critical infrastructure.

Officials from the Department of Defense highlighted the importance of having associate contractors secure sensitive data stored on digital networks, stating that the next security frontier hinges on cybersecurity.

Speaking at the AFCEA Small Business Enterprise IT Day on Thursday, Kelly Fletcher, the principal deputy at the Department of Defense’s Chief Information Officer, introduced Defense’s plans to ensure its warfighters are able to function as conflicts hinge on digital defenses. 

“As we look to the next four or five [years], we think that our adversary is going to be able to take advantage of technological vulnerabilities,” Fletcher said. “And I mean, things that we're all familiar with, sort of, from like a cybersecurity perspective. So our networks, our systems, you know, our computers, but even more than that, I mean, our weapons systems, I mean, position navigation and timing.”

She underscored this perspective on future conflicts––which is already occurring amid Russia’s invasion of Ukraine––fuels the need for government contractors to adhere to Defense’s Cybersecurity Maturity Model Certification, a roadmap of network and cybersecurity best practices specifically designed for contractors working with Defense.  

Fletcher added that data security will be a “deciding factor” in future and current conflicts, with intellectual property theft being an ongoing problem. 

Her colleague Stacy Bostjanick, the chief of Implementation and Policy in the Office of Defense’s Chief Information Officer, echoed this concern. 

“Our warfighters are dependent on us to give them the advantage that they can be successful in any kind of armed conflict,” Bostjanick said. “And we need to make sure we protect the data that is near and dear to be able to give them those capabilities.”

During the panel discussion at the event, Fletcher added that Defense is pushing the upgraded CMMC because recent research has shown that contractors working with the agency are widely divergent in their adherence to best practices in cybersecurity. 

“Part of why we're doing it is because we want…our defense industrial base partners to be more secure. That's really important to us. It's really important to the warfighter. It's really important to the nation.” She also said that businesses complying with CMMC guidelines will be favorable when dealing with competition for Defense contracts. 

Bostjanick added that DOD is working on crafting more tiers within CMMC for subcontractors to adhere to. By tailoring the standards for different businesses, the agency can ensure compliance across a broad range of specialties. 

“We have seen a lot more acceptance of the need for this,” she said, referencing the CMMC and other cybersecurity standards. “I'm not sure if I would say everybody's accepting how we're doing it, but they have accepted the need for us to be able to get secure and protect the data.”