Innovation vs. Security: Cybersecurity for the Defense Industrial Base
The Defense Industrial Base (DIB) Cybersecurity Strategy must tread a fine line between new ideas and security.
“Recognizing the fact that you want industry to be free, to be innovative and creative, and have open systems where it makes sense. But at the same time, recognizing that within the bounds of privacy and propriety, we also don't want to do something that's going to potentially introduce vulnerabilities,” said Maj. Gen. Patrick Ryder, USAF, Department of Defense (DoD) chief spokesperson.
The DoD released this document on Thursday. According to a release, it seeks to defend the U.S. technology advantage by:
- Strengthening the DoD governance structure for DIB cybersecurity
- Enhancing the cybersecurity posture of DIB contractors
- Preserving the resiliency of critical DIB capabilities in a cyber-contested environment
- Improving collaboration with the DIB
The document recognizes a direct threat to all companies involved in defense in the United States.
“DIB companies, both large and small, are at risk of malicious cyber activities conducted by foreign adversaries, such as Russia, China, Iran, and North Korea, in addition to nonstate actors, such as violent extremist organizations and transnational criminal organizations,” the document lays out.
"As our adversaries continuously seek information about U.S. capabilities, the department, in coordination with the DIB, must remain resilient against these attacks and succeed through teamwork to defend the nation," said Deputy Secretary of Defense Kathleen Hicks.
Even though this is the first time the DoD has issued such a document, these concerns were always present.
“This publication is about evolution, not revolution. It's a continuation of much of what has been done in the past or what is already in motion, in some cases,” said Joel Krooswyk, federal chief technology officer of GitLab, a company involved with the DoD on several initiatives.

Still, one of the innovative elements addresses small suppliers, which can find it too costly to keep cybersecurity standards at acceptable levels.
“An innovative component of the DoD’s approach includes providing Cybersecurity-as-a-Service offerings to eligible DIB contractors,” wrote Jorge Laurel, Enduring Security Framework chief at the National Security Agency.
Krooswyk, an experienced cybersecurity expert involved with the DoD, still has two major concerns about what the document is missing.
The first one is around transparency: “The term doesn't appear in this strategy at all. What assurances of operational transparency need to be in place for the DIB that may not be in place today?” he asked.
The second one is artificial intelligence (AI): “It seems more important than ever, especially as AI enters the picture. The terms "AI" and "artificial intelligence" are completely absent within this strategy,” Krooswyk told SIGNAL Media.
