By Terri Moon Cronk, DOD News
The Defense Department wants to help its partner contractors, large and small, become better at their own cybersecurity efforts, the deputy assistant of defense for cyber policy said yesterday.
“We definitely want to make sure that size is not an obstacle to working with the Defense Department,” Mieke Eoyang said at the Defense One Tech Summit. “And we are trying to figure out how to make it easier for [contractors] to understand what kinds of better security practices are out there and what they can do to protect themselves.”
Eoyang said U.S. adversaries are very much aware that DOD relies on innovation, but she added DOD doesn’t just look at only large contractors when looking for a technological edge. It’s also important for contractors to adopt best practices in cybersecurity — such as turning on multi-factor authentication, using cloud migration or working with cybersecurity companies — to enhance their own security, she said.
DOD participates in whole-of-government activities to target and disrupt ransomware, the deputy assistant secretary said, adding that the department is willing to work through its intelligence and law enforcement partners to provide insights to disrupt such threats.
It’s vital for industry to think about this from the perspective of resilience, Eoyang said of protection in cybersecurity.
“Companies need to be prepared for the possibility that it could happen to them,” Eoyang said. “They need to improve their security, make themselves harder targets, but also really think about continuity of operations, so if, or when, they get hit, they know how to keep moving and how to work around the problem. But I don’t think that we want to be in a position where people are turning to the Department of Defense to try and stop every single criminal gang out there …. We have to be able to focus on those nation state adversaries, and we do focus on that. But in the meantime, people also need to focus on improving their own resilience, being harder targets.”
DOD is resilient and mature in its cybersecurity practices, the deputy assistant secretary said. “I think it’s very clear from the president on down … and other countries should make no mistake about the seriousness with which the United States treats this problem and our interest in being able to get after malicious actors.”