Defense

DOD mulls incentives for vendors to report vulnerabilities

The Pentagon (Photo by Ivan Cholakov / Shutterstock) 

The Defense Department wants its tech to be delivered uncompromised. But there are several obstacles to supply chain security, including lack of data from vendors on possible vulnerabilities.

For Defense Security Service Counterintelligence Director William Stephens, "uncompromised" means capabilities sent to operating forces without "critical information and or technology being wittingly or unwittingly lost, stolen, denied, degraded or inappropriately given away or sold." Or at the very least being able to account for how something took place, he said at an April 24 Center for Strategic and International Studies event on supply chain security.

DSS oversees cleared industry partners working on classified projects with the Defense Department. Stephens wants to capture potentially adverse information from those vendors as early as possible, even if that means paying companies incentives to get it right.

The agency has a lot on its plate. DSS gets about 50,000 reports annually, seriously looking into about 8,000 for counterintelligence interest. For the last two years, Stephens said reports have been overwhelmingly a mix of cyber and human activity: 16% were cyber only, 30% were human only, 54% had indicators of both. That means only focusing only on the cyber or intelligence connection "is a dangerous thing," he said.

"Industry does a good job" of reporting activity he said -- 15% of facilities report information of counterintelligence interest and a quarter making some sort report. But it's still not enough: DSS needs about three times as many facilities reporting for the data to be statistically significant, hence the need to incentivize contractors to report.

"The challenge is that we're going to have to incentivize if we're actually going to truly get to the depth and breadth of the challenge," he said. "If the incentives are correct, they'll deliver."

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Featured

  • FCW Perspectives
    tech process (pkproject/Shutterstock.com)

    Understanding the obstacles to automation

    As RPA moves from buzzword to practical applications, agency leaders say it’s forcing broader discussions about business operations

  • Federal 100 Awards
    Federal 100 logo

    Fed 100 nominations are now open

    Help us identify this year's outstanding individuals in federal IT.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.