The U.S. Transportation Command has announced its support for the Department of Defense’s new Cybersecurity Maturity Model Certification to mitigate risks from its supply chain, the branch stated in February.
“When confronted with an advanced persistent threat actor, I don’t think any of our commercial providers are in a position to protect themselves,” said Gen. Stephen Lyons, commander of the U.S. Transportation Command.
TRANSCOM has worked to coordinate global logistics for the military and relies on global communications and private contracts to deliver fuel resupplies and other critical deliveries.
Lyons noted that prior to CMMC, cybersecurity language in contracts did not include the verification process within the contract requirements, as contractors were self-certified. “CMMC will do significant good in that area,” Lyons said.
TRANSCOM has also announced that it will strengthen and improve data access and security. “We are reviewing data sharing requirements to limit our exposure to adversaries, and we’re strengthening cybersecurity language in our information technology and software development contracts,” Lyons said.
In addition, the command will continue to migrate more data to the cloud to better collect and use its data. TRANSCOM has migrated 14 programs to commercial cloud environments, but it is unclear how many remain in legacy data centers.
“Cloud computing, balanced cybersecurity, information sharing, innovation at echelon and warfighting outcomes serve as our guiding principles as we modernize our digital portfolio,” Lyons said.
The new CMMC model will give the command a proxy in the independent assessors to check that contractors are living up to the new cybersecurity standards, securing the supply chain and access to vital data information.
Katie Arrington, chief information security officer at the Office of the Assistant Secretary of Defense for Acquisition and a 2020 Wash100 Award recipient, will serve as a keynote speaker at the CMMC Forum 2020. She will address the CMMC’s timeline, how the certification process could change and will provide a memorandum of understanding with a newly established CMMC accrediting body.
A full expert panel will include Ty Schieber, senior director of executive education and CMMC-AB chairman of the University of Virginia and Richard Naylor of the Defense Counterintelligence and Security Agency (DCSA) among other members of the federal sector and industry.
Register here to join Potomac Officers Club for its CMMC Forum 2020 on April 2nd to learn about the impact DoD’s CMMC will have on cybersecurity practices, supply chain security and other aspects of the federal market.