

By Ken Michael

A new report from the National Defense Industrial Association (NDIA) finds that industrial security needs a great deal of work and is one of the major challenges facing the defense industrial base (DIB), one that is also inhibiting national security.

The NDIA, a trade association for both the U.S. government and DIB, recently published its Vital Signs 2021: The Health and Readiness of the Defense Industrial Base report. The purpose of the report was to “provide an unclassified summary of the health and readiness of the defense industrial base that was accessible by both the American public and the defense policy community.” Vital Signs 2021 is the second annual installment of the report.

According to the NDIA, “America is at a crossroads with an increasingly dangerous and complex international security environment coupled with internal divisions exacerbated by the reckless rhetoric that led to a violent attack on our nation’s temple of democracy, the United States Capitol.”

The Overall Score

To determine an overall score, the NDIA studied data from eight indicators that shape the performance and readiness of the DIB: demand, production inputs, innovation, supply chain, competition, industrial security, political and regulatory, and productive capacity and surge readiness. These conditions were examined in 2018, 2019, and 2020. In 2020, the overall health and readiness score dropped by a point to 74 out of 100, leaving the overall score at a C rating. That is not great when you consider that the health and readiness of the DIB has a direct impact on our nation’s military and national defense.

Threats to the DIB and National Security

The Vital Signs 2021 report acknowledges that the “intensity of great-power rivalry between the United States and its principal strategic competitors, China and Russia, is increasing.” The report also recognizes that many dangers to industrial security are increasing. Those range from traditional economic espionage to cybersecurity threats.

This means the ability of the U.S. military to maintain its technical advantage depends heavily on the health and security of the DIB. The United States Defense Department recognizes the threat from such competitors, in addition to cybercriminals, and has responded with a number of initiatives to shore up security for the DIB. Such initiatives include the Cybersecurity Maturity Model Certification (CMMC), the Defense Federal Acquisition Regulation Supplement (DFARS), and the National Institute of Standards and Technology (NIST) Special Publication (SP) 800-171, among others. These will require defense contractors to implement new, and often expensive, security measures to protect our DIB data while ensuring our nation’s security.

The Industrial Security Score

When examining the security score for the DIB, the NDIA looked at factors including threats to intellectual property rights as well as threats to information security. Again, the study examined these between 2018 and 2020. It found that “industrial security conditions continue to decline, losing ground on what was already a poor score.” The score for 2020 was a whopping 56 out of 100 possible points, which was a one percent drop from the previous score.

“The decline reflects larger trends in the erosion of industrial cybersecurity despite increasing attention and resources dedicated to combating the threat,” according to the report. “The drop in score between 2019 and 2020 came exclusively from worsening information security. In fact, the drop is due entirely to the number of newly reported IT cyber vulnerabilities, which is the only industrial security indicator to decrease in score since 2018. However, the magnitude is so large that it erases all the other gains, resulting in a decreased overall score for industrial security in 2020.” On the flip side, the average severity of each known vulnerability has slightly decreased since 2016, so there is some light at the end of the tunnel.

Data Breaches Surge

The report revealed that the surge in data breaches emphasizes the risk the DIB faces from cyber vulnerabilities. A proliferation of adversaries, competitors, and bad actors is attacking U.S. businesses, manufacturers, and government systems at an alarming rate in order to obtain sensitive and proprietary information. This was most recently demonstrated by the SolarWinds breach in 2020, which was conducted by Russia.

“The ID Theft Center reported that the total number of breaches reported in 2019 (1,473) increased 17 percent from the total number of breaches reported in 2018 (1,257) and that the business sector exposed the highest number of non-sensitive records with a total of 705,106,352 exposed,” according to the Vital Signs 2021 report.

Cybersecurity Vulnerabilities Grow

While breaches are surging, the number one contributor to the drop in industrial security is the proliferation of known cybersecurity vulnerabilities. New cyber vulnerabilities increased from 6,447 in 2016 to 17,305 in 2019. That is an increase of 168 percent in just a three-year period. Business applications and software for the internet and mobile solutions accounted for at least 45 percent of new cybersecurity vulnerabilities.

A 2020 analysis by Skybox Security found “popular commercial software products Google Android and Microsoft Windows produced the most new vulnerabilities of any product.” Additionally, two-thirds of the vulnerabilities posted related to “simple and persistently unfixed software implementation errors.”

There is Hope

While data breaches have surged and IT cyber vulnerabilities have increased, the report did find hope in the fact that threats to intellectual property rights continued to drop. The Federal Bureau of Investigation (FBI) has reported a steady decline in intellectual property rights investigations, which the NDIA correlates with years of enhanced law enforcement.

Additionally, industrial security has been positively impacted by active rulemaking to shore up cybersecurity, including the release of an Interim Rule for the CMMC and an Interim Rule for Section 889(a)(1)(B) of the Federal Acquisition Regulation (FAR) in 2019. In the coming years, the impact of the new regulations will be tracked with the goal of improving DIB security while further shoring up U.S. national security.

As more and more DIB manufacturers, businesses, and vendors step up their physical and security game in order to achieve compliance and software producers improve their commercial products, the U.S. can begin to fight back against cyberattacks and data loss. This also means our military will be more technologically advanced and safer in the face of threats. All of this leads to better national security that protects all of us.

For more information about improving cybersecurity for your business or organization, achieving regulatory compliance, or addressing vulnerabilities on an ongoing basis, contact Dox Electronics at (585) 473-7766. Our professionals offer a free initial consultation and estimate with no obligation.