May 28, 2019|
Working with the DoD? Up Your Score for the New AIA Cyber Standards
Growing cyber threats from nation state actors and other adversaries have the U.S. Department of Defense accelerating efforts to strengthen cyber defenses.
Last fall, Defense Secretary James Mattis, established a new task force, whose focus includes contractors, to protect critical digital technology. His memo cited the loss of classified and controlled unclassified information that is impacting the capabilities of U.S. armed forces. The Government Accountability Office also found that “nearly all” of the military’s advanced weapons systems had mission-critical cyber vulnerabilities. And the Pentagon failed its first ever financial systems audit largely due to problems in IT security.
Leaders at the Pentagon are now moving to make federal information security a key pillar in their acquisition strategy – equal to cost, schedule and performance. That will affect all defense contractors and their subs, who struggle to meet a varying range of security requirements across military branches and components.
In an effort to encourage a highly secure standard that would help ease that pain and bring consistency to DoD contractor qualifications, the Aerospace Industries Association (AIA) published a set of voluntary cybersecurity standards for aerospace and defense contractors late in 2018. These stringent standards build on NIST’s existing 110 benchmarks for cybersecurity, but add additional guidelines applicable to defensive technologies. They also include a 1-5 ranking scale to measure a contractor’s cyber capability levels, which will help companies both comply and differentiate when trying to win government business. Many contractors are now starting to look to these standards for improving their defensive posture and the security of the systems they sell.
Of course, most of the risks come down to data. The highly complex supply chains involved in defense contracting are only as strong as their weakest link¾that could be a collaboration system flaw at a multi-billion dollar corporation or a corrupted email sent from a specialty subcontractor five steps down the chain. As members of those supply chains scramble to up-level their information security protections, new technologies like Vera can make at least the data security aspect of their overall security architecture straightforward and simple.
By using Vera, access to sensitive files shared among defense contractors and their military customers can be easily set according to levels of authorization; file owners can also preset controls on the actions users can execute on those files. Those controls can be changed at any time, even after a file is circulating among stakeholders. Vera supplies an exhaustive audit trail of all successful and unsuccessful attempts to access those files. File owners will also be able to instantly revoke access in the event they are somehow shared with unauthorized users.
Given the popularity of collaboration platforms like SharePoint, Box and DropBox, Vera also lets contractor supply chain members securely collaborate on critical files. That enables all involved parties to standardize on a DoD-sanctioned collaboration platform without risking the vendor’s access to sensitive data. All of this is done transparently, so there is no disruption to the workforce.
In short, using Vera can help contractors easily up their AIA standards score and better protect our critical national defense systems. As the DoD and the massive military industrial complex begin what will likely be a long cyber-shift, Vera offers a solution to address at least one critical part of the equation quickly and efficiently.