WASHINGTON — Defense Department acquisition chief Frank Kendall said the next generation of the Pentagon's influential acquisition document, Better Buying Power 3.0, will take aim at cybersecurity.
Already, defense acquisition rules are due to include a cybersecurity section, still being drafted. The "enclosure," meant for inclusion in the rules, known as DoD Instruction 5000.02, is aimed at concerns over attacks to the defense industrial base and the Defense Department's supply chain and maintenance systems.
"We worry about the weapons systems themselves and all of the connectivity they might have," said Kendall, speaking at a Bloomberg Government forum on Thursday. "These are ways in which a cyber threat can launch an attack, you can think of it as an attack surface, if you will."
"We have a long way to go and I'm not sure where this trail will lead ultimately," Kendall said of the cybersecurity effort, "but we absolutely have to do a better job of protecting everything about our weapons systems, birth to death."
Separately, defense acquisition rules are due to include a cybersecurity section, still being drafted. The "enclosure," meant for inclusion in the rules, known as DoD Instruction 5000.02, is aimed at concerns over attacks to the defense industrial base and the Defense Department's supply chain and maintenance systems.
The Pentagon also added rules under the Defense Federal Acquisition Regulation Supplement in late 2013, to impose safeguards on unclassified controlled technical information residing on contractor information technology systems and databases.
"You can gain a great deal in terms of time and cost if you can extract unclassified design information and don't have to do that yourself, and that's been happening quite a bit unfortunately," Kendall said.
"If we don't do this, we are letting the enormous treasure of our nation be stolen," he said. "We have to protect it more than we have."
"Let's say if you look at what it takes to put a satellite into orbit," Rogers said. "If you look at what it takes to build a major warship, for example. I mean we are talking five to 10 years. And the rate of change in the cyber dynamic in five to 10 years is just amazing to me."
"So even beyond what we would call strict cyber investments, our acquisition process and focus on ensuring that our programs are not delivering vulnerable systems across the board, not just networks but across the board, is contingent on those modernization programs going forward." Tighe said.
Joe Gould is the senior Pentagon reporter for Defense News, covering the intersection of national security policy, politics and the defense industry. He served previously as Congress reporter.