TRANSCOM head: contractors not ready for persistent threats
- By Lauren C. Williams
- Feb 26, 2020
Gen. Stephen Lyons, the head of U.S. Transportation Command, said its commercial suppliers were defenseless against persistent cyber threats despite an increase in overall compliance.
"I don't think any of our commercial providers are in a position to protect themselves," Lyons told the Senate Armed Services Committee (SASC) during a 2021 budget review hearing focused on TRANSCOM and U.S. European Command.
Lyons said the command has worked for several years to bring contractors up to a "basic level of cyber hygiene" and inform company executives of cybersecurity concerns.
"We believe that their level of cyber hygiene has increased significantly," Lyons said of commercial carriers, as a result of including contract language for compliance, self-reporting mechanisms and sufficient resilience.
But enforcement, as SASC Ranking Member Sen. Jack Reed (D-R.I.) raised, is a problem.
"If you're not checking, you can have everything in the contract you want and have nothing," Reed said before asking whether TRANSCOM needed an authority to do no-notice checks on contractors.
Lyons said there were "second and third implications" on doing those sorts of activities and would get back to the SASC on the matter, but he later indicated that the Defense Department's impending unified cybersecurity standard for contractors, the Cybersecurity Maturity Model Certification, would do "significant good" in that area.
The first version of CMMC was released in January and is expected to first appear in requests for proposals by the end of 2020. Once implemented, defense contractors will be required to get a third-party certification to prove they have met basic cyber requirements before they can bid on future contracts.
Lyons also said that despite the weakness defending against advanced persistent threats, TRANSCOM has "multiple providers in each of the commodity areas so if we lose one we can rely on others."
This article first appeared on FCW, a partner site of Defense Systems.
Lauren C. Williams is a staff writer at FCW covering defense and cybersecurity.
Prior to joining FCW, Williams was the tech reporter for ThinkProgress, where she covered everything from internet culture to national security issues. In past positions, Williams covered health care, politics and crime for various publications, including The Seattle Times.
Williams graduated with a master's in journalism from the University of Maryland, College Park and a bachelor's in dietetics from the University of Delaware. She can be contacted at [email protected], or follow her on Twitter @lalaurenista.
Click here for previous articles by Wiliams.