Defense

TRANSCOM head says contractors struggle with advanced persistent threats

computer hack (MARCUSZ2527/Shutterstock.com) 

Gen. Stephen Lyons, the head of U.S. Transportation Command, said its commercial suppliers were defenseless against persistent cyber threats despite an increase in overall compliance.

"I don't think any of our commercial providers are in a position to protect themselves," Lyons told the Senate Armed Services Committee (SASC) during a 2021 budget review hearing focused on TRANSCOM and U.S. European Command.

Lyons said the command has worked for several years to bring contractors up to a "basic level of cyber hygiene" and inform company executives of cybersecurity concerns.

"We believe that their level of cyber hygiene has increased significantly," Lyons said of commercial carriers, as a result of including contract language for compliance, self-reporting mechanisms and sufficient resilience.

But enforcement, as SASC Ranking Member Sen. Jack Reed (D-R.I.) raised, is a problem.

"If you're not checking, you can have everything in the contract you want and have nothing," Reed said before asking whether TRANSCOM needed an authority to do no-notice checks on contractors.

Lyons said there were "second and third implications" on doing those sorts of activities and would get back to the SASC on the matter, but he later indicated that the Defense Department's impending unified cybersecurity standard for contractors, the Cybersecurity Maturity Model Certification, would do "significant good" in that area.

The first version of CMMC was released in January and is expected to first appear in requests for proposals by the end of 2020. Once implemented, defense contractors will be required to get a third-party certification to prove they have met basic cyber requirements before they can bid on future contracts.

Lyons also said that despite the weakness defending against advanced persistent threats, TRANSCOM has "multiple providers in each of the commodity areas so if we lose one we can rely on others."

About the Author

Lauren C. Williams is senior editor for FCW and Defense Systems, covering defense and cybersecurity.

Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.

Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.

Click here for previous articles by Wiliams.


Featured

  • Federal 100 Awards
    Federal 100 logo

    Nominations for the 2021 Fed 100 are now being accepted

    The deadline for submissions is Dec. 31.

  • Government Innovation Awards
    Government Innovation Awards - https://governmentinnovationawards.com

    Congratulations to the 2020 Rising Stars

    These early-career leaders already are having an outsized impact on government IT.

Stay Connected