The consistent theme emerging within the defense sector is that the cyber defense relationships and processes that have been so successful with the large U.S.-based system integrators for the last decade are becoming ill-suited to an industry where much of what we need to protect increasingly lies with smaller, less capable, or international suppliers. These vendors find the emerging compliance culture untenable. Government and industry must revisit and revise the existing processes to find better ways to make the public-private partnership more inclusive. Adding to this is the emergence of nation-state attackers targeting government and industry, which demands a new strategic, collaborative response that is national and may also involve an international response strategy. This chapter outlines the progression of the defense industrial base (DIB) regulatory model and how we should begin to move beyond a strict regulatory approach. It recommends the adoption of a collective defense approach to help secure the smaller players in the DIB supply chain, which create risk for the entire sector. It offers several potential solutions, such as a program for email screening, a DIB Domain Name Service, and a centrally managed work environment for DoD contracts. The chapter concludes with a discussion on incentives for small and medium-sized businesses, underscoring that adoption of cybersecurity programs needs to be dirt cheap and easy to use.
Combining Technology, Public Policy and Economics to Create a Sustainable System of Cybersecurity