The Defense Department’s impending cybersecurity certification requirement for all contractors has caused no shortage of concerns among small businesses worried about the cost. But the Pentagon’s lead for the effort made the case Wednesday that the move is necessary and, in some cases, will help small contractors.
“We need to lower the barriers. We need to speed up acquisition. But we also need to secure the [defense industrial base],” Katie Arrington, chief information security officer for the assistant secretary for defense acquisition, said during a talk at the Charleston Defense Contractors Association 2019 Summit in Charleston, South Carolina. “With 70% to 80% of our data living on my contractors’ networks, I don’t have a choice but to worry about how they’re doing it.”
Today, that process is “schizophrenic,” Arrington said. Defense contractors have been required to have a base level of cybersecurity on their systems through laws, policies and executive orders. However, those policies require vendors to self-certify—a method that is unreliable and, often, can put compliant businesses at a disadvantage. Arrington told the room of small businesses a…
