DOD mulls incentives for vendors to report vulnerabilities

The Defense Department wants its tech to be delivered uncompromised. But there are several obstacles to supply chain security, including lack of data from vendors on possible vulnerabilities.

For Defense Security Service Counterintelligence Director William Stephens, "uncompromised" means capabilities sent to operating forces without "critical information and or technology being wittingly or unwittingly lost, stolen, denied, degraded or inappropriately given away or sold." Or, at the very least, it means being able to account for how something took place, he said at an April 24 Center for Strategic and International Studies event on supply chain security.

DSS oversees cleared industry partners working on classified projects with the Defense Department. Stephens wants to capture potentially adverse information from those vendors as early as possible, even if that means paying companies incentives to get it right.

The agency has a lot on its plate. DSS gets about 50,000 reports annually, seriously looking into about 8,000 for counterintelligence interest. For the last two years, Stephens said, reports have been overwhelmingly a mix of cyber and human activity: 16% were cyber only, 30% were human only, 54% had indicators of both. That means focusing only on the cyber or intelligence connection "is a dangerous thing," he said.

"Industry does a good job" of reporting activity, he said -- 15% of facilities report information of counterintelligence interest and a quarter make some sort of report. But it's still not enough: DSS needs about three times as many facilities reporting for the data to be statistically significant, hence the need to incentivize contractors to report.

"The challenge is that we're going to have to incentivize if we're actually going to truly get to the depth and breadth of the challenge," he said. "If the incentives are correct, they'll deliver."

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. Follow her on Twitter @lalaurenista.
