The consistent theme emerging within the defense sector is that the cyber defense relationships and processes that have been so successful with the large U.S.-based system integrators for the last decade are becoming ill-suited to an industry where much of what we need to protect increasingly lies with smaller, less capable, or international suppliers. These vendors find the emerging compliance culture untenable. Government and industry must revisit and revise the existing processes to find better ways to make the public-private partnership more inclusive. Adding to this is the emergence of nation-state attackers against government and industry, which demands a new strategic, collaborative response that is national and may also involve an international response strategy. This chapter outlines the progression of the defense industrial base (DIB) regulatory model and how we should begin to move beyond a strict regulatory approach. It recommends the adoption of a collective defense approach to help secure the smaller players in the DIB supply chain, which create risk for the entire sector. It offers several potential solutions, such as a program for email screening, a DIB Domain Name Service, and a centrally managed work environment for DoD contracts. The chapter concludes with a discussion of incentives for small and medium-sized businesses, underscoring that adoption of cybersecurity programs needs to be dirt cheap and easy to use.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity
Jeffrey C. Brown is the Vice President and Chief Information Security Officer at Raytheon Technologies. Previously, he held numerous operational and staff positions within the Air Force and industry. He holds a Computer Science degree from the U.S. Air Force Academy, a master’s degree in computer science from the University of California at Berkeley, and a master’s degree in National Security Strategy from National Defense University. He is a contributing author to the ISA’s Cybersecurity Social Contract Handbook (2016).
J.R. Williamson is the Senior Vice President and Chief Information Security Officer for Leidos. Previously, he held positions at Northrop Grumman, serving as the Corporate CIO, Deputy Chief Information Security Officer, Chief Engineer, Chief Technologist, Director of the Enterprise OneNGC Program Office, and Executive Director of IT Infrastructure and Enterprise Services Operations. Prior to Northrop Grumman, Mr. Williamson served a 4-year stint as a civilian working for Headquarters, United States Marine Corps in the Special Services unit. Mr. Williamson holds a bachelor’s degree in decision sciences and information management from George Mason University and a master’s in information systems from Virginia Tech.
Mike Gordon is the Chief Information Security Officer for Lockheed Martin Corporation. He is serving his tenth year on the Board of Directors for the Defense Information Security Exchange (DSIE) and the National Defense Information Sharing and Analysis Center (ND ISAC), as well as Chairman of the Defense Industrial Base Sector Coordinating Council (DIB SCC) for the protection of critical national infrastructures. He holds an undergraduate degree in Engineering Physics and a Master’s in Technical Management from Embry-Riddle Aeronautical University, as well as an MBA and a Master of Information Assurance degree from the University of Dallas.
Michael Higgins is the vice president of information security and chief information security officer for L3Harris Technologies. He holds a bachelor’s degree in engineering from the State University of New York at Stony Brook.
Josh Higgins is the Senior Director of Policy and Communications at the Internet Security Alliance. Previously, he was a journalist for Inside Cybersecurity. He holds a bachelor’s degree in Communication and Political Science from Virginia Tech.