
Lack of cooperation between contractors creates lasting vulnerabilities for DoD, official says

Col. Tim Brooks, the mission assurance division chief in the Department of Army Management Office, said a lack of dialogue between contractors is causing headaches as the military looks to harden its systems.
Col. Tim Brooks, left, speaks May 22, 2018, at the Security Through Innovation Summit presented by McAfee and produced by CyberScoop and FedScoop. (CyberScoop)

Competition among U.S. weapons makers keeps them from collaborating on cybersecurity problems, and it’s causing new and lasting vulnerabilities for the military, a senior U.S. official said Tuesday.

Col. Tim Brooks, the mission assurance division chief in the Department of Army Management Office, said a lack of dialogue between contractors is causing headaches as the military looks to harden its systems. Broadly speaking, most weapons systems layer multiple hardware and software products that are not all made by the same company.

“With our weapons assessment program, there’s been a lot of time spent trying to break down organizational boundaries and to think about systems of systems,” Brooks said at the Security Through Innovation Summit presented by McAfee and produced by CyberScoop and FedScoop.

“That’s compounded by the fact that all these systems of systems are produced by subprime contractors and everyone’s got non-disclosure agreements and no one wants to disclose their secret sauce,” he said. “And I understand that. But if we don’t break down some of these barriers and we don’t get industry talking amongst themselves about how we could develop a common standard to ensure that information can flow from one side of an organization to another … then we’re never going to get better than our weakest link.”

He added, “we got to get better than that or we’re never going to beat our adversary.”

The Defense Department is supposed to complete vulnerability assessments for a total of 31 different major weapons programs before 2019, based on a requirement in the 2016 National Defense Authorization Act (NDAA).

But the issue of securing what are usually clunky weapons systems, which often run on outdated or custom operating systems, has been a well-known challenge for decades. With the U.S. government becoming increasingly aware of specific cyberthreats aimed at this type of technology, the military is now leaning on the private sector to prioritize digital security during the development cycle.

“This lack of knowledge and the effects it can have throughout a program’s acquisition life cycle can increase the risk of undesirable cost and schedule outcomes,” a previous Government Accountability Office (GAO) report on weapons system acquisition notes.

Written by Chris Bing

Christopher J. Bing is a cybersecurity reporter for CyberScoop. He has written about security, technology and policy for the American City Business Journals, DC Inno, International Policy Digest and The Daily Caller. Chris became interested in journalism as a result of growing up in Venezuela and watching the country shift from a democracy to a dictatorship between 1991 and 2009. Chris is an alumnus of St. Mary's College of Maryland, a small liberal arts school based in Southern Maryland. He's a fan of Premier League football, authentic Laotian food and his dog, Sam.
