A new Deloitte report has identified the challenges U.S. defense contractors and suppliers face in complying with cybersecurity regulations, along with measures companies could implement to adhere to those regulations and build a cyber-resilient security posture.
Among the challenges cited are the lack of a formal governance program to evaluate risk and enforce compliance throughout the supply chain, and the failure of defense prime contractors to validate their suppliers' compliance with National Institute of Standards and Technology SP 800-171, Deloitte said.
The study noted that primes and original equipment manufacturers should come up with a cybersecurity framework and implement regulatory and nonregulatory approaches to mitigate cyber threats.
Regulatory approaches include identifying suppliers in the supply chain through due-diligence discovery; using risk-ranking criteria to assess suppliers; and considering on-site verification of cyber controls by prime contractors for suppliers in the highest-risk tier.
The report listed several nonregulatory measures such as digitizing and automating supply chain functions; using artificial intelligence and machine learning to gain visibility into the evolving threat landscape; and integrating blockchain technology to improve cyber posture.