Pentagon engineers are still struggling “so hard” with ensuring the cybersecurity of the weapons hardware they are buying, despite progress in securing software and IT networks, a senior Department of Defense acquisition official said.
“We struggle so hard … with cybersecurity having been so focused on networks and IT, that when it comes to a system engineer, a system designer, they’re not familiar with those sorts of engineering methods,” said Acting Deputy Assistant Secretary of Defense for Systems Engineering Kirsten Baldwin.
“We don’t have strong cybersecurity engineering … inside our systems engineering,” she said, calling it “a big struggle and a huge opportunity” for contractors. “Help us translate IT and cybersecurity methods into a hardware weapons environment,” she urged the audience gathered last week at FedScoop’s Federal Cybersecurity Summit sponsored by Hewlett Packard Enterprise.
She said one approach the Pentagon was already taking was an initiative called the Joint Federated Assurance Center, or JFAC.
“We have experts in our engineering labs and centers that care very much about this,” she said, “and have the capability to provide direct support to our [acquisition] programs, to help evaluate whether software or hardware microelectronics have been compromised.”
JFAC, which was congressionally mandated in 2014 following fears about the security of the U.S. military’s supply chain, also distributes best practices for employing vulnerability scanning software and other automated tools for assuring the integrity of IT products, Baldwin said.