DOD Unveils First-Ever National Defense Industrial Strategy
Pentagon Warns Failure to Modernize Defense Industrial Base Will Hinder US Globally
The Pentagon says a failure to modernize the defense industrial base could result in diminished resilience and heightened technological risks, leaving the United States vulnerable to cyberattacks.
The Department of Defense released a first-ever National Defense Industrial Strategy as part of an effort to improve supply chain resilience and better protect the U.S. from cyberattacks, emerging threats and foreign adversaries.
The strategy includes four long-term priorities to help modernize the defense industrial ecosystem: resilient supply chains, workforce readiness, flexible acquisitions and economic deterrence. Under the new strategy, the Defense Department will aim to enhance collaboration with other federal executive departments to prevent cyberattacks targeting the defense industrial base (DIB).
The strategy comes after multiple recent reports identified challenges throughout the defense industrial ecosystem, including a Government Accountability Office report published last October warning that the DOD may be overlooking critical defense industry risks.
Hackers carried out several notable supply chain attacks during the past year. In one, North Korean hackers infiltrated a trading software package made by Trading Technologies, through which they hit multiple additional targets and planted information stealers in software created by desktop phone developer 3CX, which counts Toyota, Coca-Cola and Air France among its multinational corporate customers (see: North Korean Hackers Chained Supply Chain Hacks to Reach 3CX).
Cyber defenders spotted Russian military intelligence hackers just weeks ago exploiting a vulnerability in JetBrains TeamCity - widely used software that automates software building, testing and releasing. The hackers potentially gained access to developers' source code and signing certificates and the ability to subvert software compilation and deployment processes (see: CISA Warns of Russian Hackers Targeting JetBrains Software).
Under Secretary of Defense for Acquisition and Sustainment William A. LaPlante described the strategy as "ground-breaking" in a statement Thursday and said it "recognizes that America's economic security and national security are mutually reinforcing and, ultimately the nation's military strength cannot be untethered from our overall industrial strength."
The strategy calls on the Defense Department to coordinate with interagency partners to support industry in identifying and responding to cyberattacks through Project Spectrum. The DOD-supported initiative aims to improve readiness, resiliency and compliance for small manufacturers, the federal manufacturing supply chain and the industrial sector.
The Pentagon said that a continuing dependence on technology emanating from hostile third countries "poses a mounting national security challenge to the DIB and the components, systems, platforms and munitions it produces." The guidance says DOD "continues to lack a comprehensive effort for mitigating supply chain risk" and calls on the agency to work with Congress and key stakeholders to eliminate defense industrial dependencies on China.
"The defense of the nation must not be held at risk by reliance on those who might seek to undermine it," the guidance says.
The guidance aligns with the Pentagon's national defense strategy published in 2022, which focuses on strengthening U.S. deterrence against China and increasing collaboration across U.S. allies and partners.