DoD’s Kendall reassures lawmakers about vendor cybersecurity

The Defense Department isn’t just worried about the security of its own networks.

Under Secretary of Defense for Acquisition, Technology and Logistics Frank Kendall assured Sen. Brian Schatz (D-Hawaii) that the DoD is working to ensure that its vendors maintain the highest possible cybersecurity standards. The exchange happened during a budgetary request hearing for Defense innovation and research April 20.

“It seems to me that the wheels of government turn a little more slowly than...

READ MORE

The Defense Department isn’t just worried about the security of its own networks.

Under Secretary of Defense for Acquisition, Technology and Logistics Frank Kendall assured Sen. Brian Schatz (D-Hawaii) that the DoD is working to ensure that its vendors maintain the highest possible cybersecurity standards. The exchange happened during a budgetary request hearing for Defense innovation and research April 20.

“It seems to me that the wheels of government turn a little more slowly than we’d prefer, in terms of getting up to speed. So, whether it’s about disclosing any cyber breach or what recourse you have in the case of a breach, I’m just wondering whether you’re all the way to where you want to go, and whether you need any assistance on the authorizing or appropriating side to accelerate,” Schatz said.

Kendall said that the DoD has provided mandatory standards to industry, and that classified information is under control. However, he said that unclassified information can be damaging as well, so that’s one area that DoD is working in to increase security.

But Schatz seemed wary of mandatory standards, and made it clear that he’d prefer to see industry striving to exceed those standards as a matter of course.

“We may want to incentivize private sector companies for being even better than the minimum requirements, because that seems to be checking a box, and obviously that’s not what we’re intending to accomplish here,” Schatz said.

Kendall said that DoD has considered that approach, and that past performance is a source selection consideration. He also said that DoD is getting more proactive in enforcing cyber defense measures through contracting.

“We’re moving away from a ‘voluntary reporting of attack’ system to a ‘mandatory reporting of attack’ system and we’re moving to much more stringent standards to protect sensitive information,” Kendall said.

If a vendor fails to meet those standards, Kendall said DoD could view that as a breach of contract and take action, ranging from withholding payments until the issue is resolved to terminating the contract.

Much of the rest of the hearing was devoted to inquiries and updates on various DoD projects, including less heavy batteries for Marines, the Scorpion fighter jet and space-launch rocket systems.

Multiple senators, including Dick Durbin (D-Ill.), Jon Tester (D-Mont.) and Richard Shelby (R-Ala.), were concerned about the current state of U.S. rocket development. Currently, DoD purchases RD-180 rocket engines from Russia, and relies on these for strategic space launches.

However, the purchase of these rockets has been controversial for some months, and many other members of Congress want to stop using them, citing national security concerns. DoD has been exploring other options, but right now, according to Kendall, it would cost more than $1 billion to stop using the RD-180, because the U.S. currently has no affordable options.

Kendall did say that DoD is looking into a partnership with SpaceX, and has engaged with Blue Origin, an aerospace manufacturer, to begin developing new rocket engines to replace the RD-180. But both options require more time to reach maturity before the U.S. can affordably consider ending purchases of the Russian rocket engines.

Related Stories