The focus on cybersecurity in the supply chain remains a priority in order to deliver “uncompromised” within the Department of Defense. Ensuring that contractors and subcontractors adhere to the requirements of the DFARS clause that specifies the details of this cybersecurity should be a priority for any company that does business with the DoD. Earlier this year, the Undersecretary of Defense, Ellen Lord, drafted correspondence directing DCMA to research ways to determine industry cybersecurity readiness. In March, she stated that cybersecurity standards for contractors are being derived from the NIST security controls, which will include metrics that will be utilized by third party auditors. Acting Defense Secretary Patrick Shanahan has previously stated that cybersecurity would become a key measurement for DoD to evaluate companies.
Small and medium companies have expressed concerns with the proposed standards, citing the challenges of creating a cybersecurity program. Despite concerns, it appears certain that in some manner, contractor cybersecurity will be a factor of “suitability” for the defense industrial base within the next 18 months.