Ellen Lord, the undersecretary for acquisition and logistics at the Pentagon and a 2019 Wash100 winner, said officials plan to issue new cyber security standards for the industry to follow when competing for defense contracts, Fifth Domain reported Tuesday. The Department of Defense is working with the National Institute of Standards and Technology to create metrics on minimum cyber security practices.
“We are deriving cyber security standards from the NIST standards,” Lord said. “We will have metrics associated with those. We’ll stand up third-party auditors.”
She said the government intends to start using the new standards within the next 18 months to improve how it selects contractors. The effort will also involve Johns Hopkins University Applied Physics Laboratory in the future. Acting Defense Secretary Patrick Shanahan said in late 2018 that cyber security would become a key measurement to guide how the Defense Department evaluates companies.
However, small businesses have raised concerns with the proposed standards at the Pentagon. John Luddy, vice president for national security at the Aerospace Industries Association, told lawmakers that small and medium-sized vendors would face challenges in creating “self-sustaining cyber security programs” and in meeting the requirements of a one-size-fits-all checklist.