Defense

DOD mulls incentives for vendors to report vulnerabilities

The Pentagon (Photo by Ivan Cholakov / Shutterstock) 

The Defense Department wants its tech to be delivered uncompromised. But there are several obstacles to supply chain security, including lack of data from vendors on possible vulnerabilities.

For Defense Security Service Counterintelligence Director William Stephens, "uncompromised" means capabilities sent to operating forces without "critical information and or technology being wittingly or unwittingly lost, stolen, denied, degraded or inappropriately given away or sold." Or at the very least being able to account for how something took place, he said at an April 24 Center for Strategic and International Studies event on supply chain security.

DSS oversees cleared industry partners working on classified projects with the Defense Department. Stephens wants to capture potentially adverse information from those vendors as early as possible, even if that means paying companies incentives to get it right.

The agency has a lot on its plate. DSS gets about 50,000 reports annually, seriously looking into about 8,000 for counterintelligence interest. For the last two years, Stephens said reports have been overwhelmingly a mix of cyber and human activity: 16% were cyber only, 30% were human only, 54% had indicators of both. That means only focusing only on the cyber or intelligence connection "is a dangerous thing," he said.

"Industry does a good job" of reporting activity he said -- 15% of facilities report information of counterintelligence interest and a quarter making some sort report. But it's still not enough: DSS needs about three times as many facilities reporting for the data to be statistically significant, hence the need to incentivize contractors to report.

"The challenge is that we're going to have to incentivize if we're actually going to truly get to the depth and breadth of the challenge," he said. "If the incentives are correct, they'll deliver."

About the Author

Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at lwilliams@fcw.com, or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Featured

  • Management
    people standing on keyboard (Who is Danny/Shutterstock.com)

    OPM-GSA merger plan detailed in legislative proposal

    The White House is proposing legislation for a dramatic overhaul of human resources inside government and wants $50 million to execute the plan.

  • Cloud
    cloud applications (chanpipat/Shutterstock.com)

    GSA plans civilian DEOS counterpart

    GSA is developing a cloud email and enterprise services contract inspired by the single-source vehicle the Department of Defense devised for back-office software.

  • Defense
    software (whiteMocca/Shutterstock.com)

    DOD looks to unify software spending for 2020

    Defense Department acquisition head, Ellen Lord, hopes to simplify software buying and improve business systems following the release of the Defense Innovation Board's final software acquisition study.

Stay Connected

FCW INSIDER

Sign up for our newsletter.

I agree to this site's Privacy Policy.