With a number of high-profile security hacks involving widely used software, government agencies are retraining their focus on their own organizations' security measures and those of the vendors and service providers that work with them. This shift in focus was already on the rise before the recent hacks, in anticipation of cyberattacks just like the ones we've recently seen.
In January of 2020, the Defense Department implemented the Cybersecurity Maturity Model Certification (CMMC), a unified standard for implementing cybersecurity across the defense industrial base (DIB), which includes over 300,000 companies in the supply chain. Contractors have always been held responsible for implementing and documenting the security of their IT systems that touch sensitive government data. Under CMMC, this continues, but with the added need for a third party to assess the contractor's compliance.
House Intelligence Committee Chairman Mike Rogers said Oct. 1 he would like to see the United States go on the offensive in cyberspace more than it does, but that there is not a clear understanding across government of what an offensive policy entails.
The Michigan Republican said the Pentagon, the intelligence community and law-enforcement agencies must agree on attack protocols in the event Washington goes on the offensive in cyberspace.
"We haven't coordinated that policy," he told reporters after his appearance at a Washington Post-hosted conference. "We have disparate levels of cyber offensive capability across the federal government. ... Some are fantastic, some not so good and then [there are] some in the middle."