Unclassified and Secure:  A Defense Industrial Base Cyber Protection Program for Unclassified Defense Networks

Gonzales, Daniel; Harting, Sarah; Adgie, Mary K.; Brackup, Julia; Polley, Lindsey; Stanley, Karlyn D.

Unclassified and Secure: A Defense Industrial Base Cyber Protection Program for Unclassified Defense Networks

Active / Technical Report | Accession Number: AD1097634 |

Open PDF

Abstract:

The defense industrial base DIB is under attack. Foreign actors are stealing large amounts of sensitive data, trade secrets, and intellectual property every day from DIB firmscontributing to the erosion of the DIB and potentially harming U.S. military capabilities and future U.S. military operations. In 2018, the U.S. Secretary of the Navy noted, attacks on our networks are not new, but attempts to steal critical information are increasing in both severity and sophistication. The U.S. Department of Defense DoD has taken steps to better secure systems against cyber threats, but most well-established protections in place focus on classified networks, while unclassified networks have become an attractive backdoor entrance for adversaries seeking access to cutting-edge technologies and research and development efforts. DoD simply lacks a comprehensive strategy for protecting the unclassified networks of DIB firms. To address this problem, DoD has increased regulations and introduced new security controls, but the current approach may be insufficientDIB firms cannot keep up. Cybersecurity is necessary but also expensivea suite of cybersecurity tools requires expertise to use, and the required combination of tools and skilled professionals may not be affordable for many DIB firms. Furthermore, the regulatory environment is complex and challenging to navigate, even for large firms with robust cybersecurity teams.

Author(s):

Gonzales, Daniel ; Harting, Sarah ; Adgie, Mary K. ; Brackup, Julia ; Polley, Lindsey ; Stanley, Karlyn D.

Author Organization(s):

RAND ARROYO CENTER SANTA MONICA CA SANTA MONICA United States

Descriptive Note:

Technical Report

Pagination:

0150

Security Markings

DOCUMENT & CONTEXTUAL SUMMARY

Distribution:

Approved For Public Release

Distribution Statement:

Approved For Public Release;

RECORD

Collection: TR

Identifying Numbers

Report Number(s):

RR4227

Subject Terms

Joint Capability Areas:

JCA_6_Net Centric; JCA_7_Protection; JCA_7.1.2_Prevent Non-kinetic Attack; JCA_7.1_Prevent; JCA_6.4.3_Respond to Attack Event; JCA_6.4.1_Secure Information Exchange; JCA_5_Command and Control; JCA_6.4.2_Protect Data and Networks; JCA_6.4_Information Assurance; JCA_3_Force Application; JCA_3.2_Engagement; JCA_3.2.2_Non-Kinetic Means; JCA_6.1.3_Switching and Routing; JCA_6.1.2_Wireless Transmission; JCA_6.1.1_Wired Transmission; JCA_6.1_Information Transport; JCA_5.3_Planning; JCA_2_Battlespace Awareness; JCA_5.2_Understand; JCA_5.2.3_Share Knowledge and Situational Awareness; JCA_4.2_Supply

Communities of Interest:

Cyber

Descriptor(s):

cybersecurity, intellectual property, department of defense, defense industry, computer networks, cyberspace operations, cyber protection, information security, costs, cyber threats

Field(s)/Group(s):

Computer Systems Management and Standards

Report Date:

2020 Jan 01

Creation Date:

2020 May 05