Compliance Management, Threat Intelligence, Incident Response, Network Security, TDR

DoD policy delegates cybersecurity compliance responsibilities to military leaders

Navy CS Advisory

The U.S. Department of Defense (DoD) this month publicly disclosed its new Cybersecurity Discipline Implementation Plan, which assigns leaders across all military branches greater responsibility for fortifying operational systems against cyber intrusions.

The document, originally distributed in October 2015 and amended last month, is comprised of four “lines of effort” representing the most commonly exploited basic disciplines of cybersecurity. The four key tenets of the plan are: strong authentication, device hardening, reducing attack surface, and aligning and integrating military IT systems with Computer Network Defense Service Providers.

The plan instructs commanders and supervisors at all levels to report their progress toward meeting DoD requirements via the Defense Readiness Reporting System (DRRS), allowing senior leadership to review compliance “down to the tactical level.” This process complements a separate DoD Cybersecurity Scorecard, which the Secretary of Defense uses to gauge cybersecurity compliance at a higher strategic level.

“The DoD Cybersecurity Campaign reinforces the need to ensure Commanders and Supervisors at all levels, including the operational level, are accountable for key tasks,” the DOD plan states.

In keeping with the DoD's emphasis on cybersecurtity accountability, the Department of the Navy last month issued a notice that all users of its information systems must complete cybersecurity (CS) awareness training and demonstrate they are qualified to operate such systems responsibly. The notice advises, that “The continuing failure of a civilian employee to meet required Cyber IT/CS qualifications may be grounds for reassignment or separation under adverse action procedures.”

Bradley Barth

As director of multimedia content strategy at CyberRisk Alliance, Bradley Barth develops content for online conferences, webcasts, podcasts video/multimedia projects — often serving as moderator or host. For nearly six years, he wrote and reported for SC Media as deputy editor and, before that, senior reporter. He was previously a program executive with the tech-focused PR firm Voxus. Past journalistic experience includes stints as business editor at Executive Technology, a staff writer at New York Sportscene and a freelance journalist covering travel and entertainment. In his spare time, Bradley also writes screenplays.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.