At a Senate hearing on Defense Department cybersecurity, lawmakers wanted to know whether a program aimed at hardening the security of the defense industrial base would thwart supply chain attacks.
By Adam Mazmanian
May 19, 2021
In the wake of infiltration of government and private networks through SolarWinds software and the ransomware attack on Colonial Pipeline, lawmakers are looking to reduce the exposure of federal and critical infrastructure systems to hacks.
The Pentagon’s Cybersecurity Maturity Model Certification program is designed to be one key line of defense. The program sets out five maturity models applicable to defense industrial base contractors based on the level of sensitivity of information stored in their systems. Under the program, obtaining a certification of compliance at the appropriate risk level is an allowable cost. However, the extent to which contractors may have to dig into their own pockets to obtain certification is a running concern so much so that Kathleen Hicks, the deputy secretary of defense, ordered a review of the program in March.