One of the top requests being made for security assistance to U.S. combatant commands (COCOMs) by allied and partner nations is for cybersecurity assistance for their defense networks and systems but the U.S. Defense Department lacks a good understanding of how the private sector could help here, a DoD cyber official said last week.
“One thing that I’ve been wrestling with here in the department, and that is as we are thinking about how to bolster our allies, security cooperation is big piece of this and what I’ve seen so far is that one of the number one requests to the combatant commanders for security cooperation assistance is in the area of cybersecurity,” Mieke Eoyang, deputy assistant secretary of defense for cyber policy, said on June 24 during an event hosted by Defense One. “But we do not have the clarity of offerings that the private sector could provide under security cooperation funds to our partners and allies and so I would encourage industry to work with us so that we have a better understanding of what might be available, what they might be able to provide through security cooperation to help shore up the cybersecurity of our partners and allies and door is always open to talk about that.”
Typically, the U.S. government uses security cooperation assistance to provide allies and partners with weapons systems and related defense equipment. But the COCOMs are now getting a lot of requests for cybersecurity help that could be purchased, she said.
Companies in the cybersecurity space are very familiar with the threat landscape and they may have technical offerings and services to provide U.S. allies through the security cooperation assistance program, Eoyang told Defense Daily on June 25 in a follow-up interview. Specifically, allies and partners are looking for help strengthening the security of their networks and military systems, she said.
This is an ongoing “conversation” about what a security assistance program for cybersecurity would look like, Eoyang said.
Eoyang also said during the event that the Defense Department, working with U.S. Cyber Command, has established a new “portal” aimed at helping the defense industry with information sharing and security practices related to cybersecurity.
The Projectspectrum.io website is geared toward helping small and medium-sized businesses in the defense industrial base that may not have the resources large contractors do for bolstering their cybersecurity and providing tips for how to engage with DoD when it comes to cybersecurity matters, she told Defense Daily.
The site includes reviews of cybersecurity tools, ways to report cybersecurity incidents to DoD, information about DoD cybersecurity regulations known as the Cybersecurity Maturity Model Certification, information about existing government-wide cybersecurity resources and more.
Last week, the cybersecurity firm BlueVoyant released a report saying the greatest cybersecurity risks in the defense supply chain come from small companies, particularly those in the manufacturing and research and development segments (Defense Daily, June 22). This is due to a lack of resources and sometimes not having senior managers focused on cybersecurity, the report said.